Mark Smith ([staff profile] mark) wrote in [site community profile] changelog, 2009-10-16 04:58 am

[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=1442

[commit: http://hg.dwscoalition.org/dw-free/rev/c907acdb61fd]

http://bugs.dwscoalition.org/show_bug.cgi?id=1442

Better sanitization of attributes that contain 'data:'.

Patch by [personal profile] afuna.

Files modified:
  • cgi-bin/LJ/CleanHTML.pm
--------------------------------------------------------------------------------
diff -r 26da4077388b -r c907acdb61fd cgi-bin/LJ/CleanHTML.pm
--- a/cgi-bin/LJ/CleanHTML.pm	Fri Oct 16 04:55:42 2009 +0000
+++ b/cgi-bin/LJ/CleanHTML.pm	Fri Oct 16 04:58:28 2009 +0000
@@ -565,11 +565,6 @@ sub clean
                         next;
                     }
 
-                    if ($attr eq "href" && $hash->{$attr} =~ /^data/) {
-                        delete $hash->{$attr};
-                        next;
-                    }
-
                     if ($attr =~ /(?:^=)|[\x0b\x0d]/) {
                         # Cleaner attack:  <p ='>' onmouseover="javascript:alert(document/**/.cookie)" >
                         # is returned by HTML::Parser as P_tag("='" => "='") Text( onmouseover...)
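Review bot: With the href-only `/^data/` block deleted here, nothing at this spot says where `data:` values are rejected now. The replacement is the scheme regex further down in `clean`, and the lines between the two are not part of this diff, so it is worth confirming that no earlier `next` lets an href skip that later check, and adding a regression test for an href whose value starts with `data:`. The old pattern also matched any href beginning with "data" with no colon required (for example `database.html`), while the new one needs `data:`; that is a behaviour change, probably a welcome one, and deserves a line in the commit message.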
@@ -593,7 +588,7 @@ sub clean
                     # IE sucks:
                     my $nowhite = $hash->{$attr};
                     $nowhite =~ s/[\s\x0b]+//g;
-                    if ($nowhite =~ /(?:jscript|livescript|javascript|vbscript|about):/ix) {
+                    if ($nowhite =~ /(?:jscript|livescript|javascript|vbscript|about|data):/ix) {
                         delete $hash->{$attr};
                         next;
                     }
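Review bot: The `data` alternative added to the scheme regex is unanchored, so after the whitespace strip any attribute value containing `data:` anywhere is deleted, not only values that start with the scheme. Unlike `javascript` or `vbscript`, "data" is an ordinary word: as far as these lines show there is no restriction on `$attr`, so a value such as "Survey data: 2009" or a URL containing `metadata:` would lose its attribute. If the unanchored match is intentional (to catch the scheme embedded inside a longer value), a comment saying so would help; otherwise consider limiting the `data:` test to URL-bearing attributes or to the start of the value. Test cases for both the blocked case and the benign-text case would pin the intended behaviour down.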
--------------------------------------------------------------------------------