oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Insufficient filtering in javascript filter (#10001)

Browse source
This commit is contained in:
JT Smith 2009-06-03 15:53:55 +00:00
parent 7e51ddd3b2
commit 9381fd02d8
3 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/WebGUI/HTML.pm
View file

@ -142,7 +142,7 @@ sub filter {
$html =~ s/ / /ixsg ;
WebGUI::Macro::negate(\$html);
} elsif ($type eq "javascript") {
$html =~ s/\<script.*?\/script\>//ixsg;
$html =~ s/\<\s*script.*?\/script\s*\>//ixsg;
$html =~ s/(href="??)javascript\:.*?\)/$1removed/ixsg;
$html =~ s/onClick/removed/ixsg;
$html =~ s/onDblClick/removed/ixsg;