[Pkg-javascript-commits] [backbone] 143/211: Following recommendations from the OWASP https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Jonas Smedegaard
js at moszumanska.debian.org
Sat May 3 17:00:15 UTC 2014
This is an automated email from the git hooks/post-receive script.
js pushed a commit to tag 0.5.0
in repository backbone.
commit 82c288c91e9c3781e3afeedf1aa30626e6f9a788
Author: Francis <wizard at roborooter.com>
Date: Sat May 7 22:47:35 2011 -0700
Following recommendations from the OWASP
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
Should be tested with
http://ha.ckers.org/xss.html
Make sure your pages are utf8!
---
backbone.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backbone.js b/backbone.js
index 7ec5d48..795b48b 100644
--- a/backbone.js
+++ b/backbone.js
@@ -1094,7 +1094,7 @@
// Helper function to escape a string for HTML rendering.
var escapeHTML = function(string) {
- return string.replace(/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"');
+ return string.replace(/&(?!\w+;|#\d+;|#x[\da-f]+;)/gi, '&').replace(/</g, '<').replace(/>/g, '>').replace(/"/g, '"').replace(/'/g, ''').replace(/\//g,'/');
};
}).call(this);
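Review bot: The first `replace` on the added line still skips any `&` that starts something shaped like an entity (the `(?!\w+;|#\d+;|#x[\da-f]+;)` lookahead), so already entity-encoded input passes through unescaped; the new quote and slash replacements do not change that. The OWASP rule cited in the commit message escapes `&` unconditionally, and inside an attribute value the browser decodes those surviving entities again before the value is used. Escaping every ampersand first, `string.replace(/&/g, '&amp;')`, makes the output uniform, at the cost of double-encoding values that were stored pre-escaped. The replacement strings on this page appear entity-decoded by the archive (for example `'''`), so the exact entities emitted for `'` and `/` cannot be confirmed from here and should be checked in the repository.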
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/backbone.git