open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

prevent xss attacks also if some javascript ends up in the alt-tag

Browse Source
remotes/origin/stable45
Bjoern Schiessle 13 years ago
parent 87855f2506
commit d28a4f0638
2 changed files with 3 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      apps/files_imageviewer/js/jquery.fancybox-1.3.4.js
  2. 2
      apps/files_imageviewer/js/jquery.fancybox-1.3.4.pack.js

3
apps/files_imageviewer/js/jquery.fancybox-1.3.4.js
Unescape View File

@ -84,7 +84,6 @@
}
title = selectedOpts.title || (obj.nodeName ? $(obj).attr('title') : obj.title) || '';
title = title.replace(/</, "&lt;").replace(/>/, "&gt;");
if (obj.nodeName && !selectedOpts.orig) {
selectedOpts.orig = $(obj).children("img:first").length ? $(obj).children("img:first") : $(obj);
@ -94,6 +93,8 @@
title = selectedOpts.orig.attr('alt');
}
title = title.replace(/</, "&lt;").replace(/>/, "&gt;");
href = selectedOpts.href || (obj.nodeName ? $(obj).attr('href') : obj.href) || null;
if ((/^(?:javascript)/i).test(href) || href == '#') {

2
apps/files_imageviewer/js/jquery.fancybox-1.3.4.pack.js
View File

File diff suppressed because one or more lines are too long
Write Preview
Loading…
Cancel
Save