etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cross-site scripting - sanitize only value whose type is string.

This commit is contained in:
Jessica Wang 2010-09-21 18:36:58 -07:00
parent d30df89e86
commit d0b5b565a7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ui/scripts/cloud.core.js
View File

@ -470,7 +470,7 @@ function trim(val) {
// Prevent cross-site-script(XSS) attack.
// used right before adding user input to the DOM tree. e.g. DOM_element.html(sanitizeXSS(user_input));
function sanitizeXSS(val) {
if(val == null)
if(val == null|| typeof(val) != "string")
return val;
val = val.replace(/</g, "&lt;"); //replace < whose unicode is \u003c
val = val.replace(/>/g, "&gt;"); //replace > whose unicode is \u003e