F32249749
0001-Fix-XSS.patch
Platonides (platonides)
Authored By
Platonides
Sep 7 2020, 9:49 PM
2020-09-07 21:49:03 (UTC+0)
Size
1 KB
Referenced Files
None
Subscribers
None
From f4525049804b606234fde4b4c1b5b39b1cdf79d2 Mon Sep 17 00:00:00 2001
From: Platonides <Platonides@gmail.com>
Date: Mon, 7 Sep 2020 23:47:13 +0200
Subject: [PATCH] Fix XSS
Bug: T262213
---
resources/dist/mobile.common.js | Bin 49899 -> 49917 bytes
resources/dist/mobile.common.js.map.json | Bin 214540 -> 214561 bytes
src/mobile.startup/PageGateway.js | 2 +-
3 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/dist/mobile.common.js b/resources/dist/mobile.common.js
index ab13bd4d41c6253b54b03932f83428d04eb16a65..d1c0ff2a327f50ed463aa851beee78d24c8ef0f3 100644
GIT binary patch
delta 36
rcmaFe%KW#Ld4YqNhEjB#QmmFzje2yPdaRauO>~@HtmbAGhv!WI=e`U_
delta 18
Zcmey{%KW;Od4U5<bevu6W-*87O#n+}2crN0
diff --git a/resources/dist/mobile.common.js.map.json b/resources/dist/mobile.common.js.map.json
index 09b6be47445dc1ae8adcb46049b8e5d2d311fe4c..8f4b67f1ad210c5a77ed28a69ec1dc773de9f0ec 100644
GIT binary patch
delta 67
zcmeC_;a%9nyJ2D^Pp-40W4^PFx1+0}YxCU5?Q<g;Wwa$VVw9reVw7UFVw7ssqvO<L
XwbW~(<LqKJ+xNCGZr|I&<bMzV`oI>$
delta 46
zcmZ43!`sutyJ2D^Po|TjW44oyx1(!?OY_{w?Q<g;WwcqM<LqMFFSRgkztqCye-HqS
CIuTp|
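Review bot: the two `resources/dist` changes above are binary deltas, so nothing in this patch lets a reviewer confirm that the rebuilt `mobile.common.js` and its source map contain only the one-line change made in `src/mobile.startup/PageGateway.js`. Rebuild the bundle from the patched source and compare it with the committed files before merging.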
diff --git a/src/mobile.startup/PageGateway.js b/src/mobile.startup/PageGateway.js
index 091cb6b3b..dbd716564 100644
--- a/src/mobile.startup/PageGateway.js
+++ b/src/mobile.startup/PageGateway.js
@@ -53,7 +53,7 @@ function transformSections( sections ) {
// section will not have a parent and will be appended to the result.
sections.forEach( function ( section ) {
if ( section.line !== undefined ) {
- section.line = section.line.replace( /<\/?a\b[^>]*>/g, '' );
+ section.line = section.line.replace( /<\/?a\b("[^"]*"|'[^']*'|[^>])*>/g, '' );
}
section.subsections = [];
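Review bot: on the `+` line, the third alternative `[^>]` also matches `"` and `'`, so it overlaps the two quoted alternatives inside the `*` group; a `section.line` with many quote characters and no closing `>` can be tokenised in many different ways, and the match backtracks heavily before it fails. That overlap is also what lets a tag with an unbalanced quote still match, so rather than tightening the character class, consider parsing `section.line` into an inert document (for example with `DOMParser`) and unwrapping the `a` elements there instead of stripping tags by regex. The diffstat lists only `PageGateway.js` and the two built files, so a regression test for `transformSections` using a heading whose link attribute contains `>` inside quotes should accompany the change.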
--
2.20.1
File Metadata
Details
Attached
Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
8532251
Default Alt Text
0001-Fix-XSS.patch (1 KB)
Attached To
Mode
T262213: XSS on Pages viewed on Mobile (CVE-2020-26120)