- From: Yves Lafon via cvs-syncmail <cvsmail@w3.org>
- Date: Mon, 07 Dec 2009 14:23:11 +0000
- To: www-validator-cvs@w3.org
Update of /sources/public/2002/css-validator/org/w3c/css/css
In directory hutz:/tmp/cvs-serv19732
Modified Files:
StyleSheetGenerator.java
Log Message:
XSS was possible using some URIs
http://lists.w3.org/Archives/Public/www-validator-css/2009Dec/0001.html
Index: StyleSheetGenerator.java
===================================================================
RCS file: /sources/public/2002/css-validator/org/w3c/css/css/StyleSheetGenerator.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -d -r1.27 -r1.28
--- StyleSheetGenerator.java 24 Feb 2009 21:45:14 -0000 1.27
+++ StyleSheetGenerator.java 7 Dec 2009 14:23:09 -0000 1.28
@@ -119,7 +119,7 @@
if (ac.isInputFake()) {
title = title.substring(title.lastIndexOf('/')+1);
}
- context.put("file_title", title);
+ context.put("file_title", queryReplace(title));
// W3C_validator_result
warnings = style.getWarnings();
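Review bot: On the changed line `context.put("file_title", queryReplace(title));`, the fix depends entirely on what `queryReplace` escapes, and neither its definition nor a comment describing it appears in this hunk. The name suggests query-string handling rather than output encoding, so please confirm it neutralises at least `<`, `>`, `&` and both quote characters for every place the template emits `file_title` (element text and attribute values need different guarantees), and add a short comment here stating that the value is URI-derived and must be escaped before it reaches the template. The log message says "some URIs" without naming the pattern; a regression test using the URI from the linked report would document the case and keep it fixed. It would also be worth checking whether other values placed into `context` from the same request data get the same treatment, since this hunk only covers `file_title`.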
Received on Monday, 7 December 2009 14:23:20 UTC