Merge r1879 from trunk:
* src/mod_muc/mod_muc_log.erl: Prevent XSS in MUC logs by linkifying only a few known protocols (EJAB-850) SVN Revision: 1905
parent
fea7eac245
commit
ad48607327
|
@ -1,5 +1,8 @@
|
|||
2009-02-21 Badlop <badlop@process-one.net>
|
||||
|
||||
* src/mod_muc/mod_muc_log.erl: Prevent XSS in MUC logs by
|
||||
linkifying only a few known protocols (EJAB-850)
|
||||
|
||||
* src/mod_roster.erl: When account is deleted, cancel presence
|
||||
subscription for all roster items (EJAB-790)
|
||||
* src/mod_roster_odbc.erl: Likewise
|
||||
|
|
|
@ -701,7 +701,8 @@ htmlize2(S1, NoFollow) ->
|
|||
S2 = element(2, regexp:gsub(S1, "\\&", "\\&")),
|
||||
S3 = element(2, regexp:gsub(S2, "<", "\\<")),
|
||||
S4 = element(2, regexp:gsub(S3, ">", "\\>")),
|
||||
S5 = element(2, regexp:gsub(S4, "[-+.a-zA-Z0-9]+://[^] )\'\"}]+", link_regexp(NoFollow))),
|
||||
S5 = element(2, regexp:gsub(S4, "(http|https|ftp|mailto|xmpp)://[^] )\'\"}]+",
|
||||
link_regexp(NoFollow))),
|
||||
%% Remove 'right-to-left override' unicode character 0x202e
|
||||
element(2, regexp:gsub(S5, [226,128,174], "[RLO]")).
|
||||
|
||||
|
|
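Review bot: The new allowlist in the `S5` pattern still requires `://` after every scheme, so ordinary `mailto:user@host` and `xmpp:room@host` URIs, which are normally written without `//`, will not be linkified; in practice only http, https and ftp match. If those two schemes are meant to work, the pattern could keep the closed list but split it, e.g. `"((http|https|ftp)://|(mailto|xmpp):)[^] )\'\"}]+"`. The safety of the generated link also depends on the `&`, `<`, `>` escaping done in S2–S4 and on quotes being excluded from the character class, so a comment such as `%% Linkify only allowlisted schemes; quotes are excluded so the match cannot break out of the attribute (EJAB-850)` above `S5` would stop a later edit from widening either one. `htmlize2` begins above this hunk and `link_regexp/1` is not shown, so the statement about the attribute context is inferred.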