etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

The sanitizeXSS function only sanitizes strings and leaves other types unchanged.

This commit is contained in:
Kris McQueen 2010-09-21 18:23:40 -07:00
parent c32d6e7524
commit 50da0d918f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ui/scripts/cloud.core.js
View File

@ -626,7 +626,7 @@ function noNull(val) {
// Prevent cross-site-script(XSS) attack.
// used right before adding user input to the DOM tree. e.g. DOM_element.html(sanitizeXSS(user_input));
function sanitizeXSS(val) {
if(val == null)
if((val == null) || (typeof val != "string"))
return val;
val = val.replace(/</g, "&lt;"); //replace < whose unicode is \u003c
val = val.replace(/>/g, "&gt;"); //replace > whose unicode is \u003e