Changeset 7331

Timestamp:

03/01/08 19:39:24 (5 years ago)

Author:

drry

Message:

lang/javascript/userscripts/googlereaderfullfeed.user.js:

• fixed regexps in removeXSSRisks().
  

Files:

• lang/javascript/userscripts/googlereaderfullfeed.user.js (modified) (2 diffs)

lang/javascript/userscripts/googlereaderfullfeed.user.js

@@ -451 +451 @@
   return text
   // embedによるXSSの対策処理
-    .replace(/(<embed[^>]+?allowScriptAccess\s*=\s*)(?:(["'])\s*always\s*\2|always)(?=[^>]*?>)/gi, "$1$2never$2")
+    .replace(/(<embed[^>]*?\sallowScriptAccess\s*=\s*)(?:(["'])\s*always\s*\2|always)(?=[^>]*?>)/gi, "$1$2never$2")
   // objectのparam要素によるXSSの対策処理
-    .replace(/(<param[^>]+?)(?:(name\s*=\s*(?:(["'])\s*allowScriptAccess\s*\3|allowScriptAccess\s)[^>]*?value\s*=\s*)(?:(["'])\s*always\s*\4|always)(?=[^>]*?\/?>)|(value\s*=\s*)(?:(["'])\s*always\s*\6|always)(?=[^>]*?name\s*=\s*(?:(["'])\s*allowScriptAccess\s*\7|allowScriptAccess)[^>]*?\/?>))/gi, "$1$2$5$4$6never$4$6")
+    .replace(/(<param[^>]*?\s)(?:(name\s*=\s*(?:(["'])\s*allowScriptAccess\s*\3|allowScriptAccess\s)[^>]*?value\s*=\s*)(?:(["'])\s*always\s*\4|always(?=[\s\/>]))(?=[^>]*?\/?>)|(value\s*=\s*)(?:(["'])\s*always\s*\6|always(?=\s))(?=[^>]*?name\s*=\s*(?:(["'])\s*allowScriptAccess\s*\7|allowScriptAccess(?=[\s\/>]))[^>]*?\/?>))/gi, "$1$2$5$4$6never$4$6")
   // イベントハンドラによるXSSの対策処理
-    .replace(/(<[^>]+?)\son(?:(?:un)?load|(?:dbl)?click|mouse(?:down|up|over|move|out)|key(?:press|down|up)|focus|blur|submit|reset|select|change)\s*=\s*(?:(["'])(?:\\\2|[^"'])*?\2|[^"'][^\s>]*(?=[\s>]))(?=[^>]*?>)/ig, "$1");
+    .replace(/(<[^>]+?)\son(?:(?:un)?load|(?:dbl)?click|mouse(?:down|up|over|move|out)|key(?:press|down|up)|focus|blur|submit|reset|select|change)\s*=\s*(?:(["'])(?:\\\2|[^"'])*?\2|[^"'][^\s>]*(?=[\s\/>]))(?=[^>]*?>)/ig, "$1");
 }
 
@@ -500 +500 @@
       text-align : center;
     }
-  ]]></>.toString().replace(/^\s{4}/gm, ""));
+  ]]></>.toString().replace(/^\ {4}/gm, ""));
   var opacity = 0.9;
   var flash = document.createElement('div');