prevent xss attacks also if some javascript ends up in the alt-tag

Bjoern Schiessle 2012-06-14 14:17:30 +02:00
parent 3e143601fe
commit df4737f52a
2 changed files with 3 additions and 2 deletions


@ -84,7 +84,6 @@
}
title = selectedOpts.title || (obj.nodeName ? $(obj).attr('title') : obj.title) || '';
title = title.replace(/</, "&lt;").replace(/>/, "&gt;");
if (obj.nodeName && !selectedOpts.orig) {
selectedOpts.orig = $(obj).children("img:first").length ? $(obj).children("img:first") : $(obj);
@ -94,6 +93,8 @@
title = selectedOpts.orig.attr('alt');
}
title = title.replace(/</, "&lt;").replace(/>/, "&gt;");
href = selectedOpts.href || (obj.nodeName ? $(obj).attr('href') : obj.href) || null;
if ((/^(?:javascript)/i).test(href) || href == '#') {
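Review bot: The escaping line that now follows the alt fallback, `title = title.replace(/</, "&lt;").replace(/>/, "&gt;");`, uses regexes without the `g` flag, so only the first `<` and the first `>` are replaced and any later markup in a title or alt value passes through unescaped. It also leaves `&` and quote characters alone, which matters if the title is ever placed inside an attribute; a fuller form would be `title = String(title || '').replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");`. The `String(title || '')` part is there because `selectedOpts.orig.attr('alt')` may return `undefined` when the element has no alt attribute, and with the replace now running after that assignment the call would presumably throw. The enclosing function starts and ends outside the hunk, so how the title is finally inserted into the page is not visible here; setting it with jQuery's `.text()` at that point would be the more robust fix.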

File diff suppressed because one or more lines are too long