
2002/css-validator/org/w3c/css/css StyleSheetGenerator.java,1.27,1.28

From: Yves Lafon via cvs-syncmail <cvsmail@w3.org>
Date: Mon, 07 Dec 2009 14:23:11 +0000
To: www-validator-cvs@w3.org
Message-Id: <E1NHeUZ-00058Y-Nl@lionel-hutz.w3.org>
Update of /sources/public/2002/css-validator/org/w3c/css/css
In directory hutz:/tmp/cvs-serv19732

Modified Files:
	StyleSheetGenerator.java 
Log Message:
XSS was possible using some URIs
http://lists.w3.org/Archives/Public/www-validator-css/2009Dec/0001.html


Index: StyleSheetGenerator.java
===================================================================
RCS file: /sources/public/2002/css-validator/org/w3c/css/css/StyleSheetGenerator.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- StyleSheetGenerator.java	24 Feb 2009 21:45:14 -0000	1.27
+++ StyleSheetGenerator.java	7 Dec 2009 14:23:09 -0000	1.28
@@ -119,7 +119,7 @@
 	if (ac.isInputFake()) {
 	    title = title.substring(title.lastIndexOf('/')+1);
 	}
-	context.put("file_title", title);
+	context.put("file_title", queryReplace(title));
 	        
         // W3C_validator_result
         warnings = style.getWarnings();
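Review bot: On the changed line `context.put("file_title", queryReplace(title));`, nothing in the hunk shows what queryReplace escapes, and its name suggests query-string handling rather than HTML output encoding. Since the log message describes XSS through URIs, please confirm that it encodes at least <, >, & and both quote characters for every position where the template emits file_title (element text as well as attribute values), and add a short comment on this line saying the title is URI-derived and must be escaped before it reaches the template. The escaping is also applied at this one call site only; any other context.put calls that pass URI-derived strings are not visible here and deserve the same check, or the escaping could be moved into the template layer so that new call sites are covered by default.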
Received on Monday, 7 December 2009 14:23:20 GMT
