From ed6b4edc82b0f65c77980713cd525053fcbc1dd2 Mon Sep 17 00:00:00 2001
From: Giulio Cesare Solaroli
Date: Fri, 02 May 2014 15:14:18 +0000
Subject: Fixed issues reported by cure53.de Fixed issues CLP-01-014 and CLP-01-015
---
(limited to 'frontend/beta/js/Clipperz/Base.js')
diff --git a/frontend/beta/js/Clipperz/Base.js b/frontend/beta/js/Clipperz/Base.js
index cf40314..1c6faa1 100644
--- a/frontend/beta/js/Clipperz/Base.js
+++ b/frontend/beta/js/Clipperz/Base.js
@@ -246,6 +246,34 @@ MochiKit.Base.update(Clipperz.Base, {
 return result;
 },
+ 'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"),
+
+ 'sanitizeUrl': function(aValue) {
+ var result;
+
+ if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+ result = aValue.replace(this.javascriptInjectionPattern, '');
+ console.log("sanitized url", aValue, result);
+ } else {
+ result = aValue;
+ }
+
+ return result;
+ },
+
+ 'sanitizeFavicon': function(aValue) {
+ var result;
+
+ if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+ result = aValue.replace(this.javascriptInjectionPattern, '');
+ console.log("sanitized favicon", aValue, result);
+ } else {
+ result = aValue;
+ }
+
+ return result;
+ },
+
 //-------------------------------------------------------------------------
 'exception': {
-- 
cgit v0.9.0.2
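Review bot: `javascriptInjectionPattern` matches only the exact, case-sensitive text `javascript://"`, so `sanitizeUrl` and `sanitizeFavicon` act as a one-string deny-list: any value that does not contain that literal is returned unchanged, and a single-pass removal can itself leave a new match behind. An allow-list is the more robust shape: keep the value only when it starts with a scheme the application expects and return an empty string otherwise. Which schemes, and whether schemeless values, must stay valid cannot be told from this hunk, so the `https?` pattern below is a placeholder to confirm. The two functions are identical apart from the log label, so one can delegate to the other, and the `console.log` calls write the unsanitized stored value to the browser console, which is worth dropping. The object literal passed to `MochiKit.Base.update` starts and ends outside the hunk.

```javascript
	//	Placeholder allow-list: confirm which schemes stored URLs may legitimately use.
	'allowedUrlPattern': new RegExp("^https?:\\/\\/", "i"),

	'sanitizeUrl': function(aValue) {
		//	No 'g' flag on the pattern, so test() keeps no lastIndex state between calls.
		if ((aValue != null) && !this.allowedUrlPattern.test(aValue)) {
			return '';
		}

		return aValue;
	},

	'sanitizeFavicon': function(aValue) {
		return this.sanitizeUrl(aValue);
	},
```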