Merge branch 'hotfix-10.3.7' into stable

pixl8 · Dec 1, 2015 · 0aa8fd1 · 0aa8fd1
2 parents 051af8f + 24542db
commit 0aa8fd1
Show file tree

Hide file tree

Showing 14 changed files with 8,064 additions and 3 deletions.
diff --git a/support/tests/integration/api/security/AntiSamyServiceTest.cfc b/support/tests/integration/api/security/AntiSamyServiceTest.cfc
@@ -9,8 +9,9 @@ component extends="testbox.system.BaseSpec" {
 		describe( "clean()", function(){
 
 			it( "should strip script tags from content (we know it should do much more, but just to test...)", function(){
-				var dirty   = "some test <script>alert('hello')</script> to be cleaned";
-				var cleaned = "some test  to be cleaned";
+				var dirty   = '<b>BigBossKent</b><button onclick="f()">Alert - please click</button><script>function f() {confirm(“Youve been hacked!")}</script>';
+				var cleaned = "<b>BigBossKent</b>
+<button>Alert - please click</button>";
 				var actual  = antiSamy.clean( dirty );
 
 				expect( actual ).toBe( cleaned );

diff --git a/system/services/security/AntiSamyService.cfc b/system/services/security/AntiSamyService.cfc
@@ -6,7 +6,7 @@ component {
 
 // CONSTRUCTOR
 	public any function init() {
-		_setLibPath( ExpandPath( "/coldbox/system/plugins/AntiSamy-lib" ) );
+		_setLibPath( ExpandPath( "/preside/system/services/security/antisamylib" ) );
 		_setupPolicyFiles();
 		_setupAntiSamy();
 

diff --git a/system/services/security/antisamylib/antisamy-1.5.3.jar b/system/services/security/antisamylib/antisamy-1.5.3.jar