
Merge pull request #29 from reddit/master

Input sanitization fixes
commit f30ef3cfc249c423fe341fe32aa5fbd9453c6229 2 parents b95eb0d + 35256c4
@octatone authored
Showing with 8 additions and 2 deletions.
  1. +8 −2 js/tv.js
10 js/tv.js
@@ -831,7 +831,7 @@ function togglePlay(){
function addChannel(subreddit){
var click;
if(!subreddit){
- subreddit = encodeURIComponent($('#channel-name').val());
+ subreddit = stripHTML($('#channel-name').val());
click = true;
}
if(!getChan(subreddit)){
@@ -895,6 +895,7 @@ function checkAnchor(){
}else{
var anchor = Globals.current_anchor.substring(1);
var parts = anchor.split("/"); // #/r/videos/id
+ parts = $.map(parts, stripHTML);
if(parts[1] === 'promo'){
loadPromo(parts[2], parts[3], parts[4]);
}else{
@@ -981,9 +982,14 @@ Object.size = function(obj) {
return size;
};
+
+function stripHTML(s) {
+ return s.replace(/[&<>"'\/]/g, '');
+};
+
/* analytics */
function gaHashTrack(){
if(_gaq){
_gaq.push(['_trackPageview',location.pathname + location.hash]);
}
-}
+}
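Review bot: The new stripHTML in the third hunk is a denylist that deletes six characters rather than escaping for any output context, and in the first hunk it replaces encodeURIComponent, so the value handed to getChan(subreddit) is no longer URL-encoded — characters such as `?`, `#`, `%` and whitespace now pass straight through into whatever URL getChan builds (its body is outside the hunk). Because this value is a subreddit name, an allowlist check is both tighter and simpler than stripping, e.g. `if(!/^[A-Za-z0-9_]+$/.test(subreddit)){ return; }` before the getChan call (assuming names are limited to letters, digits and underscore), while keeping encodeURIComponent where the name is placed in a URL and using text-node insertion or real HTML escaping where it is rendered. stripHTML also assumes s is a string: `$('#channel-name').val()` is undefined when the element is absent, so `s.replace` would throw, whereas `String(s)` or a typeof guard would not. The stray `;` after the function declaration at `+};` is harmless but unconventional, and the trailing `-}`/`+}` pair appears to be only an end-of-file newline change.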