Revision 626791

Go back to digest for 28th January 2007

Security in KDE Base

Dirk Mueller committed changes in /branches/KDE/3.5/kdelibs/khtml/html/htmltokenizer.cpp:

fix javascript insertion in <title> tags as described in:

basically, we want to parse comments in titles, to avoid capturing a <script> tag by accident. Easy fix.

<title>myblog<!--</title></head><body><script src=<a href=">">></a>; --></title>

File Changes

Modified 1 file
  • /branches/KDE/3.5/kdelibs/khtml/html/htmltokenizer.cpp
1 file changed in total
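The behaviour the commit message describes, as an added example that is not code from KHTML or from this commit: a toy scanner that finds where `<title>` ends, with and without treating `<!-- ... -->` inside the title as a comment. The function names, the lower-case-only tag matching and the sample URL are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Returns the markup that remains after the scanner closes <title>.
// parse_comments=false: the first "</title>" ends the title, even inside "<!--".
// parse_comments=true:  "<!-- ... -->" inside the title is skipped as a comment,
//                       so a "</title>" hidden in it does not end the title.
// Assumption: tags are lower-case; a real tokenizer matches case-insensitively.
std::string after_title(const std::string& html, bool parse_comments) {
    const std::string open = "<title>", close = "</title>";
    std::size_t pos = html.find(open);
    if (pos == std::string::npos) return html;      // no title element at all
    pos += open.size();
    while (pos < html.size()) {
        if (parse_comments && html.compare(pos, 4, "<!--") == 0) {
            std::size_t end = html.find("-->", pos + 4);
            if (end == std::string::npos) return ""; // unterminated comment eats the rest
            pos = end + 3;
            continue;
        }
        if (html.compare(pos, close.size(), close) == 0)
            return html.substr(pos + close.size());
        ++pos;
    }
    return "";                                       // title never closed
}

// True when a <script> tag lands outside the title, i.e. would be tokenized as markup.
bool has_live_script(const std::string& html, bool parse_comments) {
    return after_title(html, parse_comments).find("<script") != std::string::npos;
}

// Constructed sample shaped like the one in the commit message; the URL is a placeholder.
const std::string kSample =
    "<title>myblog<!--</title></head><body>"
    "<script src=https://example.invalid/x.js></script> --></title>";

int main() {
    std::cout << "comments ignored in title: script live = "
              << has_live_script(kSample, false) << "\n";
    std::cout << "comments parsed in title:  script live = "
              << has_live_script(kSample, true) << "\n";
    return 0;
}
```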