Igor Gariev (gariev) wrote in changelog,
Igor Gariev
gariev
changelog

[livejournal] r18334: LJSUP-7817: <object data="" ... > create...

Committer: gariev
LJSUP-7817: <object data="" ... > creates vulnerability and should be blocked in LJ
[int: ]

U   trunk/cgi-bin/LJ/EmbedModule.pm
Modified: trunk/cgi-bin/LJ/EmbedModule.pm
===================================================================
--- trunk/cgi-bin/LJ/EmbedModule.pm	2011-02-17 03:50:45 UTC (rev 18333)
+++ trunk/cgi-bin/LJ/EmbedModule.pm	2011-02-17 05:44:32 UTC (rev 18334)
@@ -482,6 +482,14 @@
                 $selfclose = 1;
                 next;
             }
+            
+            ## Remove "data" attribute from <object data="..."> constructs.
+            ## Right now attribute is silently dropped. 
+            ## TODO: pass a flag to outer scope that it was dropped, so that 
+            ## ljprotocol can notify user by throwing an error.
+            if ($tag eq 'object' && $name eq 'data') {
+                next;
+            }
 
             my $tribute = " $name=\"" . LJ::ehtml($attr->{$name}) . "\"";
 

Tags: gariev, livejournal, pm
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments