Merge 1879 from trunk.
* src/mod_muc/mod_muc_log.erl: Prevent XSS in MUC logs by linkifying only a few known protocols (EJAB-850) SVN Revision: 1945
parent
f0c0b2230a
commit
fe297e1dea
@ -1,5 +1,8 @@
|
|||||||
2009-03-03 Badlop <badlop@process-one.net>
|
2009-03-03 Badlop <badlop@process-one.net>
|
||||||
|
|
||||||
|
* src/mod_muc/mod_muc_log.erl: Prevent XSS in MUC logs by
|
||||||
|
linkifying only a few known protocols (EJAB-850)
|
||||||
|
|
||||||
* src/mod_muc/mod_muc.erl: Export function to create MUC
|
* src/mod_muc/mod_muc.erl: Export function to create MUC
|
||||||
room (thanks to Eric Cestari) (EJAB-729)
|
room (thanks to Eric Cestari) (EJAB-729)
|
||||||
|
|
||||||
|
@ -767,7 +767,8 @@ htmlize2(S1, NoFollow) ->
|
|||||||
S2 = element(2, regexp:gsub(S1, "\\&", "\\&")),
|
S2 = element(2, regexp:gsub(S1, "\\&", "\\&")),
|
||||||
S3 = element(2, regexp:gsub(S2, "<", "\\<")),
|
S3 = element(2, regexp:gsub(S2, "<", "\\<")),
|
||||||
S4 = element(2, regexp:gsub(S3, ">", "\\>")),
|
S4 = element(2, regexp:gsub(S3, ">", "\\>")),
|
||||||
S5 = element(2, regexp:gsub(S4, "[-+.a-zA-Z0-9]+://[^] )\'\"}]+", link_regexp(NoFollow))),
|
S5 = element(2, regexp:gsub(S4, "(http|https|ftp|mailto|xmpp)://[^] )\'\"}]+",
|
||||||
|
link_regexp(NoFollow))),
|
||||||
%% Remove 'right-to-left override' unicode character 0x202e
|
%% Remove 'right-to-left override' unicode character 0x202e
|
||||||
element(2, regexp:gsub(S5, [226,128,174], "[RLO]")).
|
element(2, regexp:gsub(S5, [226,128,174], "[RLO]")).
|
||||||
|
|
||||||
|
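Review bot: The `mailto` and `xmpp` alternatives in the new S5 pattern will rarely match, because the pattern still requires `://` after the scheme while those URIs are normally written `mailto:user@host` and `xmpp:user@host`; in practice only http, https and ftp links get linkified. If the two schemes are meant to work, the pattern could be `"((http|https|ftp)://|(mailto|xmpp):)[^] )\'\"}]+"`; otherwise they should be dropped from the list. Because the scheme list is now the XSS control, a comment above the line such as `%% Allowlist of linkified schemes (EJAB-850); do not widen without checking how link_regexp/1 builds the href` would guard against it being loosened later. htmlize2 escapes only `&`, `<` and `>`, so keeping quotes out of the href appears to depend on the pattern's exclusion class. The head of htmlize2 and the body of link_regexp/1 are outside the hunk, so this cannot be confirmed from here.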