XSS Security Fix

There was an XSS vulnerability in the handling of categories. Now they are escaped.
Jacques Distler 2007-09-02 00:33:28 -05:00
parent 6fd6be8fea
commit 5ff1b7f6da
2 changed files with 8 additions and 1 deletions

@ -74,6 +74,13 @@ module Chunk
@content.delete_chunk(self)
end
def html_escape(string)
string.gsub( /&/, "&" ).
gsub( /</, "&lt;" ).
gsub( />/, "&gt;" ).
gsub( /"/, "&quot;" )
end
end
end
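
Review bot: the first substitution in html_escape, `gsub( /&/, "&" )`, replaces an ampersand with itself as shown, so ampersands pass through unescaped. The replacement should be the entity `&amp;`, and it has to stay first in the chain so the entities produced by the later substitutions are not escaped a second time. The helper also leaves the single quote untouched, which matters if a category value is ever written into a single-quoted attribute; adding a substitution for `'` (to `&#39;`) would close that gap, and current Ruby's CGI.escapeHTML covers all five characters if a hand-rolled chain is not required. A one-line comment stating which output contexts the helper is safe for (element content and double-quoted attribute values) would help anyone calling it from other chunk types.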