Revision 626791

Digest for 28th January 2007

Security in KDE Base

Dirk Mueller committed changes in /branches/KDE/3.5/kdelibs/khtml/html/htmltokenizer.cpp:

fix javascript insertion in <title> tags as described in:
http://www.securityfocus.com/archive/1/457763/30/30/threaded

basically, we want to parse comments in titles, to avoid capturing a <script> tag by accident. Easy fix.

Testcase:
<title>myblog<!--</title></head><body><script src=http://beanfuzz.com/bean.js> --></title>
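A toy model of the tokenizer change the commit describes, fed the testcase above. This is an added example, not KHTML's code: it assumes the old behaviour is "the first </title> always ends the title" and the fixed behaviour is "<!-- ... --> inside a title is a comment whose content is dropped", so a </title> hidden in the comment can no longer close the element early and expose the <script> tag.

```cpp
// Added example (not KHTML code): a minimal scanner for the <title> element.
// parseComments == false models the old tokenizer, true models the fix.
#include <iostream>
#include <string>

// Testcase from the commit message (constructed input for this example).
static const std::string kTestcase =
    "<title>myblog<!--</title></head><body>"
    "<script src=http://beanfuzz.com/bean.js> --></title>";

struct TitleParse {
    std::string title;        // text kept as the document title
    bool scriptTagEmitted;    // did a <script> start tag escape the title?
};

static bool at(const std::string& s, size_t pos, const char* token) {
    return s.compare(pos, std::string(token).size(), token) == 0;
}

TitleParse parseTitle(const std::string& doc, bool parseComments) {
    TitleParse r{"", false};
    size_t pos = doc.find("<title>");
    if (pos == std::string::npos) return r;
    pos += 7;
    bool inComment = false;
    while (pos < doc.size()) {
        if (inComment) {                       // swallow everything up to -->
            if (at(doc, pos, "-->")) { inComment = false; pos += 3; }
            else ++pos;
            continue;
        }
        if (at(doc, pos, "</title>")) { pos += 8; break; }   // title ends here
        if (parseComments && at(doc, pos, "<!--")) { inComment = true; pos += 4; continue; }
        r.title += doc[pos++];
    }
    // Whatever follows the end of the title is tokenized as ordinary markup;
    // with the old behaviour that includes the injected <script> tag.
    r.scriptTagEmitted = doc.find("<script", pos) != std::string::npos;
    return r;
}

int main() {
    TitleParse before = parseTitle(kTestcase, false);
    TitleParse after  = parseTitle(kTestcase, true);
    std::cout << "old tokenizer:   title=\"" << before.title
              << "\" script emitted=" << before.scriptTagEmitted << "\n";
    std::cout << "fixed tokenizer: title=\"" << after.title
              << "\" script emitted=" << after.scriptTagEmitted << "\n";
    return 0;
}
```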

File Changes

Modified 1 file
  • /branches/KDE/3.5/kdelibs/khtml/html/htmltokenizer.cpp
1 file changed in total