Revision 626791
Digest for 28th January 2007
Security in KDE Base
Dirk Mueller committed changes in /branches/KDE/3.5/kdelibs/khtml/html/htmltokenizer.cpp:
fix javascript insertion in <title> tags as described in:
http://www.securityfocus.com/archive/1/457763/30/30/threaded
basically, we want to parse comments in titles, to avoid capturing a <script> tag by accident. Easy fix.
Testcase:
<title>myblog<!--</title></head><body><script src=http://beanfuzz.com/bean.js> --></title>
File Changes
Modified 1 file
- /branches/KDE/3.5/kdelibs/khtml/html/htmltokenizer.cpp
1 file changed in total
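
The effect the commit message describes can be seen in a simplified model of title scanning. The following is an added example, not KHTML's code: the helper names are hypothetical, only lowercase tags are handled, and the input is the testcase from the commit message.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// The testcase quoted in the commit message above.
const std::string kTestcase =
    "<title>myblog<!--</title></head><body>"
    "<script src=http://beanfuzz.com/bean.js> --></title>";

// Hypothetical helper (simplified model, lowercase tags only): offset just
// past the </title> that closes the first <title>, or npos if none is found.
std::size_t titleEnd(const std::string& html, bool parseComments) {
    const std::string open = "<title>", close = "</title>";
    std::size_t pos = html.find(open);
    if (pos == std::string::npos) return pos;
    pos += open.size();
    while (pos < html.size()) {
        if (parseComments && html.compare(pos, 4, "<!--") == 0) {
            // Skip the whole comment so a </title> inside it is just text.
            std::size_t end = html.find("-->", pos + 4);
            if (end == std::string::npos) return end;  // model choice: unterminated comment swallows the rest
            pos = end + 3;
        } else if (html.compare(pos, close.size(), close) == 0) {
            return pos + close.size();
        } else {
            ++pos;
        }
    }
    return std::string::npos;
}

// Markup left for the normal tag tokenizer once the title has been closed.
std::string afterTitle(const std::string& html, bool parseComments) {
    std::size_t end = titleEnd(html, parseComments);
    return end == std::string::npos ? std::string() : html.substr(end);
}

// True when a <script start tag ends up outside the title text.
bool scriptEscapesTitle(const std::string& html, bool parseComments) {
    return afterTitle(html, parseComments).find("<script") != std::string::npos;
}

int main() {
    std::cout << std::boolalpha
              << "comments ignored: " << scriptEscapesTitle(kTestcase, false) << "\n"
              << "comments parsed:  " << scriptEscapesTitle(kTestcase, true) << "\n";
}
```

A server-side filter that treats the `<script>` as commented out is only safe if the browser agrees on where the comment and the title end, which is the disagreement this model makes visible.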