
Latte: security fix for escaping inside <script>, prevents "Script da…

dg committed Oct 15, 2013
1 parent 4d40622 commit 4a1e82d98c68451877bbb7a53e65f7a35838a9e6
@@ -118,7 +118,7 @@ public static function escapeCss($s)
/**
* Escapes string for use inside JavaScript template.
* Escapes variables for use inside <script>.
* @param mixed UTF-8 encoding
* @return string
*/
@@ -127,7 +127,7 @@ public static function escapeJs($s)
if (is_object($s) && ($s instanceof ITemplate || $s instanceof Html || $s instanceof Form)) {
$s = $s->__toString(TRUE);
}
return str_replace(']]>', ']]\x3E', Nette\Utils\Json::encode($s));
return str_replace(array(']]>', '<!'), array(']]\x3E', '\x3C!'), Nette\Utils\Json::encode($s));
}
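Review bot: The replacement values `]]\x3E` and `\x3C!` on the new `return` line are JavaScript hex escapes rather than JSON escapes, so the result is valid only as a JS literal and would be rejected by JSON.parse or any consumer that treats the helper's output as JSON. If Nette\Utils\Json::encode passes flags through to json_encode, `JSON_HEX_TAG` produces `\u003C`/`\u003E`, which is valid in both JSON and JS and neutralises `<!--`, `]]>` and `</script>` without the post-hoc str_replace; otherwise spelling the replacements as `']]\u003E'` and `'\u003C!'` gives the same benefit. The fixture inputs in the later hunks (the `$template->people` lines) only exercise `]]> <!--`; a value containing `</script>` would also pin the `\/` slash escaping that the expected outputs already rely on. escapeJs's signature is outside the hunk.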
@@ -45,7 +45,7 @@
<li id="item-3" class="odd">Paul</li>
<li id="item-4" class="even">]]&gt;</li>
<li id="item-4" class="even">]]&gt; &lt;!--</li>
</ul>
@@ -64,7 +64,7 @@
<!--
alert('</div>');
var prop = ["John","Mary","Paul","]]\x3E"];
var prop = ["John","Mary","Paul","]]\x3E \x3C!--"];
document.getElementById("some&<>\"'\/chars").style.backgroundColor = 'red';
@@ -76,7 +76,7 @@
<script>
/* <![CDATA[ */
var prop2 = ["John","Mary","Paul","]]\x3E"];
var prop2 = ["John","Mary","Paul","]]\x3E \x3C!--"];
/* ]]> */
</script>
@@ -123,7 +123,7 @@
<li>John</li>
<li>Mary</li>
<li>Paul</li>
<li>]]&gt;</li>
<li>]]&gt; &lt;!--</li>
</ul>

<ul title="for">
@@ -45,7 +45,7 @@
<li id="item-3" class="odd">Paul</li>
<li id="item-4" class="even">]]&gt;</li>
<li id="item-4" class="even">]]&gt; &lt;!--</li>
</ul>
@@ -64,7 +64,7 @@
<!--
alert('</div>');
var prop = ["John","Mary","Paul","]]\x3E"];
var prop = ["John","Mary","Paul","]]\x3E \x3C!--"];
document.getElementById("some&<>\"'\/chars").style.backgroundColor = 'red';
@@ -76,7 +76,7 @@
<script>
/* <![CDATA[ */
var prop2 = ["John","Mary","Paul","]]\x3E"];
var prop2 = ["John","Mary","Paul","]]\x3E \x3C!--"];
/* ]]> */
</script>
@@ -123,7 +123,7 @@
<li>John</li>
<li>Mary</li>
<li>Paul</li>
<li>]]&gt;</li>
<li>]]&gt; &lt;!--</li>
</ul>

<ul title="for">
@@ -47,7 +47,7 @@
<li>John</li>
<li>Mary</li>
<li>Paul</li>
<li>]]&gt;</li>
<li>]]&gt; &lt;!--</li>
</ul>
<p>
@@ -28,7 +28,7 @@ $template->registerHelperLoader('Nette\Templating\Helpers::loader');
$template->hello = '<i>Hello</i>';
$template->xss = 'some&<>"\'/chars';
$template->people = array('John', 'Mary', 'Paul', ']]>');
$template->people = array('John', 'Mary', 'Paul', ']]> <!--');
$template->menu = array('about', array('product1', 'product2'), 'contact');
$template->el = Html::el('div')->title('1/2"');
@@ -26,7 +26,7 @@ $template->registerHelperLoader('Nette\Templating\Helpers::loader');
$template->hello = '<i>Hello</i>';
$template->xss = 'some&<>"\'/chars';
$template->people = array('John', 'Mary', 'Paul', ']]>');
$template->people = array('John', 'Mary', 'Paul', ']]> <!--');
$template->menu = array('about', array('product1', 'product2'), 'contact');
$template->el = Html::el('div')->title('1/2"');
@@ -27,7 +27,7 @@ $template->registerHelperLoader('Nette\Templating\Helpers::loader');
$template->hello = '<i>Hello</i>';
$template->id = ':/item';
$template->people = array('John', 'Mary', 'Paul', ']]>');
$template->people = array('John', 'Mary', 'Paul', ']]> <!--');
$template->comment = 'test -- comment';
$template->netteHttpResponse = new Nette\Http\Response;
$template->el = Html::el('div')->title('1/2"');
