Changeset 15601 for lang/csharp

Timestamp:

07/10/08 12:00:53 (5 months ago)

Author:

poolmmjp

Message:

せっかくhtmlエスケープされてる部分が戻ってしまう脆弱性を修正。

Files:

• lang/csharp/MMMMB/MMMMB/main.template (modified) (2 diffs)

lang/csharp/MMMMB/MMMMB/main.template

@@ -70 +70 @@
         </style>
         <script type="text/javascript">
+            String.prototype.e = function(){
+                var result = this;
+                result = result.replace(/&/g, '&amp;');
+                result = result.replace(/</g, '&lt;');
+                result = result.replace(/>/g, '&gt;');
+                result = result.replace(/"/g, '&quot;');    //"
+                return result;
+            };
+            
             function name_click(permalink){
                 window.external.NameClick(permalink);
@@ -135 +144 @@
                     if(item.nodeType == 3){
                         var span = document.createElement('span');
-                        span.innerHTML = item.nodeValue.replace(/(https?:\/\/[a-zA-Z0-9_\.\!\~\*\(\);\/\?\:\@\&\=\+\$,%#-]+)/g, '<a href="$1">$1</a>');
+                        span.innerHTML = item.nodeValue.e().replace(/(https?:\/\/[a-zA-Z0-9_\.\!\~\*\(\);\/\?\:\@\&\=\+\$,%#-]+)/g, '<a href="$1">$1</a>');
                         e.insertBefore(span, item);
                         e.removeChild(item);