This repository was archived by the owner on Feb 16, 2021. It is now read-only.

Commit 2f9eb97

committed
Hardening sanitization technique in Flash
1 parent e440548 commit 2f9eb97


2 files changed

+13
-3
lines changed


Diff for: ZeroClipboard.swf

30 Bytes
Binary file not shown.

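--- a/src/flash/ZeroClipboard.as
+++ b/src/flash/ZeroClipboard.as
@@ -49,13 +49,13 @@ package {
 
 // Allow the SWF object to communicate with a page on a different origin than its own (e.g. SWF served from CDN)
 if (flashvars.trustedOrigins && typeof flashvars.trustedOrigins === "string") {
-var origins:Array = flashvars.trustedOrigins.split("\\").join("\\\\").split(",");
+var origins:Array = ZeroClipboard.sanitizeString(flashvars.trustedOrigins).split(",");
 flash.system.Security.allowDomain.apply(null, origins);
 }
 
 // Enable complete AMD (e.g. RequireJS) and CommonJS (e.g. Browserify) support
 if (flashvars.jsModuleId && typeof flashvars.jsModuleId === "string") {
-jsModuleId = flashvars.jsModuleId.split("\\").join("\\\\");
+jsModuleId = ZeroClipboard.sanitizeString(flashvars.jsModuleId);
 }
 
 // invisible button covers entire stage
@@ -83,6 +83,16 @@ package {
 dispatch("load", ZeroClipboard.metaData());
 }
 
+// sanitizeString
+//
+// This private function will accept a string, and return a sanitized string
+// to avoid XSS vulnerabilities
+//
+// returns an XSS safe String
+private static function sanitizeString(dirty:String): String {
+return dirty.replace(/\\/g,"\\\\")
+}
+
 // mouseClick
 //
 // The mouseClick private function handles clearing the clipboard, and
@@ -99,7 +109,7 @@ package {
 
 // signal to the page it is done
 dispatch("complete", ZeroClipboard.metaData(event, {
-text: clipText.split("\\").join("\\\\")
+text: ZeroClipboard.sanitizeString(clipText)
 }));
 
 // reset the text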
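Review bot: The header comment on the new sanitizeString (new lines 86–94) promises an "XSS safe String", but the body only doubles backslashes; double quotes, angle brackets and every other character pass through untouched, so the comment overstates the guarantee and a future caller may rely on it in an output context it does not cover. I would replace `// returns an XSS safe String` with a precise contract such as `// Escapes backslashes only (each \ becomes \\); callers remain responsible for any other escaping their output context requires.` Where the sanitized values end up — the dispatch() payload and jsModuleId appear to be handed to the page, presumably via ExternalInterface — lies outside these hunks, so whether backslash-doubling alone is sufficient there cannot be confirmed from this diff. Minor: new line 93 `return dirty.replace(/\\/g,"\\\\")` lacks the terminating semicolon used elsewhere in the file, and a null dirty would throw on .replace — the two flashvars call sites are guarded by typeof checks, but the clipText call at new line 112 has no visible guard.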
