Fixed issues reported by cure53.de

Fixed issues CLP-01-014 and CLP-01-015
2025-12-19 21:07:03 +01:00 · 2014-05-02 17:14:18 +02:00
parent 03659f6b3d
commit ed6b4edc82
5 changed files with 47 additions and 11 deletions
--- a/frontend/beta/js/Clipperz/Base.js
+++ b/frontend/beta/js/Clipperz/Base.js
@@ -246,6 +246,34 @@ MochiKit.Base.update(Clipperz.Base, {
 		return result;
 	},

+	'javascriptInjectionPattern': new RegExp("javascript:\/\/\"", "g"),
+	
+	'sanitizeUrl': function(aValue) {
+		var	result;
+		
+		if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+			result = aValue.replace(this.javascriptInjectionPattern, '');
+			console.log("sanitized url", aValue, result);
+		} else {
+			result = aValue;
+		}
+
+		return result;
+	},
+
+	'sanitizeFavicon': function(aValue) {
+		var	result;
+		
+		if ((aValue != null) && this.javascriptInjectionPattern.test(aValue)) {
+			result = aValue.replace(this.javascriptInjectionPattern, '');
+			console.log("sanitized favicon", aValue, result);
+		} else {
+			result = aValue;
+		}
+
+		return result;
+	},
+
 	//-------------------------------------------------------------------------

 	'exception': {