author | Arne Georg Gleditsch <argggh@lxr.linpro.no> | 2010-02-05 14:52:07 +0100 |
---|---|---|
committer | Arne Georg Gleditsch <argggh@lxr.linpro.no> | 2010-02-05 14:52:07 +0100 |
commit | 5196a63710f4efce0e46961f0f2e7d321bf72d96 (patch) | |
tree | c07ee633cf1ba267f4d8706ff540f19a7c6789a9 | |
parent | 236cfb9a32a8daddfb0a3f4b190386046b0989d9 (diff) |
Fix embarrassing XSS holes.
-rw-r--r-- | tmpl/line_reference.tt2 | 6 | ||||
-rw-r--r-- | tmpl/search_result.tt2 | 38 | ||||
-rw-r--r-- | webroot/.static/js/lxrng-funcs.js | 6 |
3 files changed, 25 insertions, 25 deletions
diff --git a/tmpl/line_reference.tt2 b/tmpl/line_reference.tt2
index f68296c..e535f49 100644
--- a/tmpl/line_reference.tt2
+++ b/tmpl/line_reference.tt2
@@ -1,4 +1,4 @@
-<a href="[% file %]#L[% line %]" [% navtarget %]
-onclick="return load_file('[% context.tree %]', '[% file %][% context.args_url %]', '[% context.release %]', [% line %]);">
- [% file %], line [% line %]
+<a href="[% file | html %]#L[% line | html %]" [% navtarget | html %]
+onclick="return load_file('[% context.tree | html %]', '[% file | html %][% context.args_url %]', '[% context.release | html %]', [% line | html %]);">
+ [% file | html %], line [% line | html %]
 </a>
diff --git a/tmpl/search_result.tt2 b/tmpl/search_result.tt2
index afc36f4..7e5fdc0 100644
--- a/tmpl/search_result.tt2
+++ b/tmpl/search_result.tt2
@@ -8,17 +8,17 @@
 [% END %] [% IF search_type == "code" or (code_res and code_res.idents.0) %] - <div class="query_desc">Code search: [% code_res.query %]</div> + <div class="query_desc">Code search: [% code_res.query | html %]</div> [% ptype = '' %] [% FOREACH ident = code_res.idents %] [% IF ptype != ident.1 %] - <span class="identtype">[% ident.1 %]</span> + <span class="identtype">[% ident.1 | html %]</span> [% ptype = ident.1 %] [% END %] <span class="resultline"> [% INCLUDE line_reference.tt2, file = ident.2, line = ident.3 %] <span class="resultdetails">[<a class="iref" - href="+ident=[% ident.0 %][% IF navtarget %]?nav[% navtarget %][% END %]" + href="+ident=[% ident.0 | html %][% IF navtarget %]?nav[% navtarget | html %][% END %]" onclick="return ajax_lookup_anchor(null, this);">usage...</a>]</span> </span> [% END %]
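Review bot: Inside `onclick="return load_file('[% context.tree | html %]', '[% file | html %][% context.args_url %]', …)"` the `| html` filter protects the attribute but not the JavaScript string literals it contains: the browser entity-decodes the attribute value before the JS parser sees it, the `html` filter escapes only `<`, `>`, `&` and `"` (not `'` or `\`), and `[% context.args_url %]` in the same attribute is left unfiltered altogether. A file name containing a single quote therefore still terminates the literal; the same construction is repeated in the `@@ -64,24` and `@@ -90,9` hunks of `tmpl/search_result.tt2`. The pattern this page already uses for `onclick="return ajax_lookup_anchor(null, this);"` avoids the double context entirely: keep only the escaped `href` and have a small new handler read the path and the `#L` line from the anchor, e.g. `onclick="return load_file_anchor(this);"`, with tree and release taken from page state rather than from quoted strings. If `context.args_url` is already URL-encoded upstream the missing filter may be harmless, but that cannot be confirmed from the diff.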
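Review bot: In `href="+ident=[% ident.0 | html %][% IF navtarget %]?nav[% navtarget | html %][% END %]"` the values sit in a URL, where `html` is the wrong filter: it stops attribute breakout but leaves `&`, `?`, `#` and spaces intact, so such a character in `ident.0` or `navtarget` would alter the link rather than be carried as data. TT's `uri` filter is the context-correct choice (`[% ident.0 | uri %]`) and it also encodes the HTML-significant characters; the `+code=` and `+ident=` links in the `@@ -27,19` hunk below have the same shape. Identifiers from a code index are presumably plain word characters, so this is mainly a consistency point — verify what `navtarget` can contain.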
@@ -27,19 +27,19 @@
 [% IF ident_res %] <div class="query_desc">Identifier: <a class="sref" - href="+code=[% ident_res.query %][% IF navtarget %]?nav[% navtarget %][% END %]" + href="+code=[% ident_res.query | html %][% IF navtarget %]?nav[% navtarget | html %][% END %]" onclick="return ajax_lookup_anchor(null, this);"> - [% ident_res.query %] + [% ident_res.query | html %] </a> </div> <span class="identdesc"> - [% ident_res.ident.1 %] + [% ident_res.ident.1 | html %] [% IF ident_res.ident.4 %] - in [% ident_res.ident.5 %] + in [% ident_res.ident.5 | html %] <a class="iref" - href="+ident=[% ident_res.ident.6 %][% IF navtarget %]?nav[% navtarget %][% END %]" + href="+ident=[% ident_res.ident.6 | html %][% IF navtarget %]?nav[% navtarget | html %][% END %]" onclick="return ajax_lookup_anchor(null, this);"> - [% ident_res.ident.4 %] + [% ident_res.ident.4 | html %] </a> [% END %] at
@@ -64,24 +64,24 @@
 [% IF file_res %] [% FOREACH file = file_res.files %] [% IF loop.first %] - <div class="query_desc">Filename search: [% file_res.query %]</div> + <div class="query_desc">Filename search: [% file_res.query | html %]</div> [% END %] <span class="resultline"> - <a href="[% file %]" onclick="return load_file('[% context.tree %]', - '[% file %][% context.args_url %]', '[% context.release %]', '');" - [% navtarget %]>[% file %]</a> + <a href="[% file | html %]" onclick="return load_file('[% context.tree | html %]', + '[% file | html %][% context.args_url %]', '[% context.release | html %]', '');" + [% navtarget | html %]>[% file | html %]</a> </span> [% END %] [% END %] [% IF text_res %] - <div class="query_desc">Freetext search: [% text_res.query %] - ([% text_res.total %] estimated hits)</div> + <div class="query_desc">Freetext search: [% text_res.query | html %] + ([% text_res.total | html %] estimated hits)</div> [% FOREACH file = text_res.files %] <span class="resultline"> [% INCLUDE line_reference.tt2, file = file.1, line = file.2 %] - <span class="resultdetails">([% file.0 %]%)</span> + <span class="resultdetails">([% file.0 | html %]%)</span> </span> [% END %] [% END %]
@@ -90,9 +90,9 @@
 <div class="query_desc">Ambiguous file reference, please choose one:</div>
 <ul>
 [% FOREACH file = ambig_res.files %]
-<li><a href="[% file %]" onclick="return load_file('[% context.tree %]',
- '[% file %][% context.args_url %]', '[% context.release %]', '');"
- [% navtarget %]>[% file %]</a>
+<li><a href="[% file | html %]" onclick="return load_file('[% context.tree | html %]',
+ '[% file | html %][% context.args_url %]', '[% context.release | html %]', '');"
+ [% navtarget | html %]>[% file | html %]</a>
 </li>
 [% END %]
 </ul>
diff --git a/webroot/.static/js/lxrng-funcs.js b/webroot/.static/js/lxrng-funcs.js
index 8a6720f..a612055 100644
--- a/webroot/.static/js/lxrng-funcs.js
+++ b/webroot/.static/js/lxrng-funcs.js
@@ -264,14 +264,14 @@ function load_file_finalize(content) {
 res.innerHTML = 'Done';
 res.innerHTML = content;
 var head = document.getElementById('current_path');
- head.innerHTML = '<a class=\"fref\" href=\".\">' + pending_tree + '</a>';
+ head.innerHTML = '<a class=\"fref\" href=\".\">' + escape(pending_tree) + '</a>';
 var path_walked = '';
 var elems = pending_file.split(/\//);
 for (var i = 0; i < elems.length; i++) {
 if (elems[i] != '') {
 head.innerHTML = head.innerHTML + '/' +
- '<a class=\"fref\" href=\"' + path_walked + elems[i] +
- '\">' + elems[i] + '</a>';
+ '<a class=\"fref\" href=\"' + escape(path_walked) + escape(elems[i]) +
+ '\">' + escape(elems[i]) + '</a>';
 path_walked = path_walked + elems[i] + '/';
 }
 }
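Review bot: `escape()` on the added lines is a percent-encoder, not an HTML escaper: it blocks the injection only because `<`, `>`, `"`, `'` and `&` fall outside its unreserved set (`A-Z a-z 0-9 @ * _ + - . /`), and it rewrites the visible link text as a side effect — a path segment `my file.c` is shown as `my%20file.c`, and characters above U+00FF come out as `%uXXXX`. The function is also deprecated (ECMAScript Annex B), so the fix should not rest on its escaping table. Build the breadcrumb from DOM nodes instead: the label goes into a text node, which is never parsed as markup, and only the `href` segment is percent-encoded, with `encodeURIComponent` replacing `escape`; that also removes the `head.innerHTML = head.innerHTML + …` re-parse on every loop iteration. The context line `res.innerHTML = content;` above the change still inserts server-rendered HTML verbatim, so its safety rests on server-side escaping such as the `| html` filters this commit adds to the templates, not on anything in this function. `load_file_finalize` continues past the end of the hunk.
```javascript
// Builds <a class="fref"> with the label as a text node: the label is never
// parsed as markup, so only the href needs encoding (as a URL, not as HTML).
function make_fref(href, label) {
    var a = document.createElement('a');
    a.className = 'fref';
    a.setAttribute('href', href);
    a.appendChild(document.createTextNode(label));
    return a;
}

// … in load_file_finalize(content), replacing the breadcrumb construction …
    var head = document.getElementById('current_path');
    head.innerHTML = '';
    head.appendChild(make_fref('.', pending_tree));
    var path_walked = '';
    var elems = pending_file.split(/\//);
    for (var i = 0; i < elems.length; i++) {
        if (elems[i] != '') {
            head.appendChild(document.createTextNode('/'));
            head.appendChild(make_fref(path_walked + encodeURIComponent(elems[i]), elems[i]));
            path_walked = path_walked + encodeURIComponent(elems[i]) + '/';
        }
    }
    // … unchanged: remainder of load_file_finalize …
```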