deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Another XSS fix

Browse source 
Yet another interesting XSS attack from 
  http://ha.ckers.org/xss.html
This commit is contained in:
Jacques Distler 2007-06-11 00:03:51 -05:00
parent aac197430c
commit c2bfdefa57
2 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
vendor/plugins/HTML5lib/lib/html5lib/sanitizer.rb vendored
View file

@ -114,7 +114,7 @@ module HTML5lib
attrs = Hash[*token[:data].flatten]
attrs.delete_if { |attr,v| !ALLOWED_ATTRIBUTES.include?(attr) }
ATTR_VAL_IS_URI.each do |attr|
val_unescaped = CGI.unescapeHTML(attrs[attr].to_s).gsub(/[\000-\040\177\s]+|\302[\200-\240]/,'').downcase
val_unescaped = CGI.unescapeHTML(attrs[attr].to_s).gsub(/`|[\000-\040\177\s]+|\302[\200-\240]/,'').downcase
if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ and !ALLOWED_PROTOCOLS.include?(val_unescaped.split(':')[0])
attrs.delete attr
end