Fix JS injection exploit
juju2143 committed Apr 11, 2015
1 parent 84478a9 commit 45fd885
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions public/parser.js
@@ -14,10 +14,10 @@ function parseLinks(text,nav)
}
text = text.replace(/http:\/\/img.codewalr\.us\//g,"\x01img.codewalr.us/");
text = text.replace(/http:\/\/codewalr\.us\//g,"\x01codewalr.us/");
text = text.replace(RegExp("(^|.)(((f|ht)(tp|tps):\/\/)[^\\s\x02\x03\x0f\x16\x1d\x1f]*)","g"),'$1<a target="_blank" href="$2"'+(nav?' class="navbar-link"':'')+'>$2</a>');
text = text.replace(RegExp("(^|\\s)(www\\.[^\\s\x02\x03\x0f\x16\x1d\x1f]*)","g"),'$1<a target="_blank" href="http://$2"'+(nav?' class="navbar-link"':'')+'>$2</a>');
text = text.replace(RegExp("(^|.)\x01(img.codewalr.us\/[^\\s\x02\x03\x0f\x16\x1d\x1f]*)","g"),'$1<a target="_top" href="http://$2"'+(nav?' class="navbar-link"':'')+'><img src="http://$2" class="picture" /></a>');
text = text.replace(RegExp("(^|.)\x01([^\\s\x02\x03\x0f\x16\x1d\x1f]*)","g"),'$1<a target="_top" href="http://$2"'+(nav?' class="navbar-link"':'')+'>http://$2</a>');
text = text.replace(RegExp("(^|.)(((f|ht)(tp|tps):\/\/)[^\\s\x02\x03\x0f\x16\x1d\x1f\"]*)","g"),'$1<a target="_blank" href="$2"'+(nav?' class="navbar-link"':'')+'>$2</a>');
text = text.replace(RegExp("(^|\\s)(www\\.[^\\s\x02\x03\x0f\x16\x1d\x1f\"]*)","g"),'$1<a target="_blank" href="http://$2"'+(nav?' class="navbar-link"':'')+'>$2</a>');
text = text.replace(RegExp("(^|.)\x01(img.codewalr.us\/[^\\s\x02\x03\x0f\x16\x1d\x1f\"]*)","g"),'$1<a target="_top" href="http://$2"'+(nav?' class="navbar-link"':'')+'><img src="http://$2" class="picture" /></a>');
text = text.replace(RegExp("(^|.)\x01([^\\s\x02\x03\x0f\x16\x1d\x1f\"]*)","g"),'$1<a target="_top" href="http://$2"'+(nav?' class="navbar-link"':'')+'>http://$2</a>');
return text;
}
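Review bot: In all four rewritten `replace()` calls the captured `$2` is still written unencoded into `href="…"`/`src="…"` and into the link text, so excluding `"` from the character class only closes one way out of the attribute. Whether `<`, `>`, `&` and `'` are already entity-encoded before these lines cannot be seen here, because `parseLinks` starts outside the hunk. If they are not, the link text remains a markup sink, and a denylist inside the regex will need another patch for each character that turns out to matter. Encoding the capture at the point of output, through a replacer function, is more robust than truncating the match; skip the `&` step if the input is already entity-encoded upstream, to avoid double encoding.

```javascript
// Encode a captured URL before it is placed in an attribute or in link text.
function escapeHtml(s) {
	return s.replace(/&/g, "&amp;")
		.replace(/</g, "&lt;")
		.replace(/>/g, "&gt;")
		.replace(/"/g, "&quot;")
		.replace(/'/g, "&#39;");
}

// … unchanged: codewalr.us sentinel substitutions …
text = text.replace(RegExp("(^|.)(((f|ht)(tp|tps):\/\/)[^\\s\x02\x03\x0f\x16\x1d\x1f\"]*)","g"), function (match, lead, url) {
	var safe = escapeHtml(url);
	return lead + '<a target="_blank" href="' + safe + '"' + (nav ? ' class="navbar-link"' : '') + '>' + safe + '</a>';
});
// … the other three replace() calls take the same replacer shape …
```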
