Fixed issues reported by cure53.de

Fixed issues CLP-01-014 and CLP-01-015
author: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-05-02 15:14:18 (UTC)
committer: Giulio Cesare Solaroli <giulio.cesare@clipperz.com> 2014-05-02 15:24:45 (UTC)
commit: ed6b4edc82b0f65c77980713cd525053fcbc1dd2 (patch) (unidiff)
tree: 80eb0e6ccfc4efa15c6488cc83448d8a865169df /frontend/beta/js/Clipperz/Base.js
parent: 03659f6b3d9766898854e8a769c0c9341b3de80c (diff)
download: clipperz-ed6b4edc82b0f65c77980713cd525053fcbc1dd2.zip
clipperz-ed6b4edc82b0f65c77980713cd525053fcbc1dd2.tar.gz
clipperz-ed6b4edc82b0f65c77980713cd525053fcbc1dd2.tar.bz2
1 files changed, 28 insertions, 0 deletions
diff --git a/frontend/beta/js/Clipperz/Base.js b/frontend/beta/js/Clipperz/Base.js
index cf40314..1c6faa1 100644
--- a/frontend/beta/js/Clipperz/Base.js
+++ b/frontend/beta/js/Clipperz/Base.js
@@ -246,6 +246,34 @@ MochiKit.Base.update(Clipperz.Base, {
                return result;
        },
+        'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"),
+        
+        'sanitizeUrl': function(aValue) {
+                        varresult;
+                
+                if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+                        result = aValue.replace(this.javascriptInjectionPattern, '');
+                        console.log("sanitized url", aValue, result);
+                } else {
+                        result = aValue;
+                }
+                return result;
+        },
+        'sanitizeFavicon': function(aValue) {
+                        varresult;
+                
+                if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+                        result = aValue.replace(this.javascriptInjectionPattern, '');
+                        console.log("sanitized favicon", aValue, result);
+                } else {
+                        result = aValue;
+                }
+                return result;
+        },
        //-------------------------------------------------------------------------
        'exception': {
author	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-05-02 15:14:18 (UTC)
committer	Giulio Cesare Solaroli <giulio.cesare@clipperz.com>	2014-05-02 15:24:45 (UTC)
commit	ed6b4edc82b0f65c77980713cd525053fcbc1dd2 (patch) (unidiff)
tree	80eb0e6ccfc4efa15c6488cc83448d8a865169df /frontend/beta/js/Clipperz/Base.js
parent	03659f6b3d9766898854e8a769c0c9341b3de80c (diff)
download	clipperz-ed6b4edc82b0f65c77980713cd525053fcbc1dd2.zip clipperz-ed6b4edc82b0f65c77980713cd525053fcbc1dd2.tar.gz clipperz-ed6b4edc82b0f65c77980713cd525053fcbc1dd2.tar.bz2

diff --git a/frontend/beta/js/Clipperz/Base.js b/frontend/beta/js/Clipperz/Base.js index cf40314..1c6faa1 100644 --- a/frontend/beta/js/Clipperz/Base.js +++ b/frontend/beta/js/Clipperz/Base.js
@@ -246,6 +246,34 @@ MochiKit.Base.update(Clipperz.Base, {
246	return result;	246	return result;
247	},	247	},
248		248
		249	'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"),
		250
		251	'sanitizeUrl': function(aValue) {
		252	varresult;
		253
		254	if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
		255	result = aValue.replace(this.javascriptInjectionPattern, '');
		256	console.log("sanitized url", aValue, result);
		257	} else {
		258	result = aValue;
		259	}
		260
		261	return result;
		262	},
		263
		264	'sanitizeFavicon': function(aValue) {
		265	varresult;
		266
		267	if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
		268	result = aValue.replace(this.javascriptInjectionPattern, '');
		269	console.log("sanitized favicon", aValue, result);
		270	} else {
		271	result = aValue;
		272	}
		273
		274	return result;
		275	},
		276
249	//-------------------------------------------------------------------------	277	//-------------------------------------------------------------------------
250		278
251	'exception': {	279	'exception': {