Commit 5879037

security: support for clean & safe error handling on IE 11
Added pad_utils sanitization for clean and safe error handling on browsers that do not encode the path of the URL. Edited by muxator based on #3647, to be able to apply the patch on develop (the PR was for master), and perform minor cleanups (mainly spurious statements). Closes #3647.
1 parent c65c5f1 commit 5879037

1 file changed

+3
-1
lines changed

Diff for: src/templates/pad.html

+3-1
@@ -361,6 +361,8 @@ <h2 data-l10n-id="pad.share.emebdcode"></h2>
361361

362362
<% e.begin_block("scripts"); %>
363363
<script type="text/javascript">
364+
var padutils = require('../static/js/pad_utils').padutils;
365+
364366
// @license magnet:?xt=urn:btih:8e4f440f4c65981c5bf93c76d35135ba5064d8b7&dn=apache-2.0.txt
365367
(function() {
366368
// Display errors on page load to the user
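
Review bot: The `require('../static/js/pad_utils')` call at the top of this inline script executes before the error handler below it is installed, and nothing in the visible lines shows that a `require` loader is already defined at this point in the page. If the loader is included later, this line throws a ReferenceError and the rest of the script block, including the error display code, never runs. Resolve `padutils` inside the handler behind a `typeof require` check, or use a small local escaping helper here. The new line also sits above the `// @license magnet:` marker and outside the `(function() {` wrapper, so it falls outside the license-annotated region and leaves `padutils` in the global scope; moving it inside the wrapper addresses both.
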
@@ -370,7 +372,7 @@ <h2 data-l10n-id="pad.share.emebdcode"></h2>
370372
var box = document.getElementById('editorloadingbox');
371373
box.innerHTML = '<p><b>An error occurred while loading the pad</b></p>'
372374
+ '<p><b>'+msg+'</b> '
373-
+ '<small>in '+ url +' (line '+ line +')</small></p>';
375+
+ '<small>in '+ padutils.escapeHTML(url) +' (line '+ line +')</small></p>';
374376
// call original error handler
375377
if(typeof(originalHandler) == 'function') originalHandler.call(null, arguments);
376378
};
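
Review bot: Only `url` is escaped in the `box.innerHTML` assignment; `msg` on the line above (`+ '<p><b>'+msg+'</b> '`) and `line` are still concatenated into the markup as-is. An error message can carry text derived from the page's input just as the URL can, so pass `msg` through `padutils.escapeHTML` as well, or build the elements and assign `textContent` so that none of the three values reaches the HTML parser. Separately, in the unchanged context, `originalHandler.call(null, arguments)` hands the arguments object over as a single parameter; `apply` is what forwards the original arguments.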
