XSS Bug escaping clipText returned

1 parent 76e6ce7 commit 51b67b6d696f62aaf003210c08542588222c4913 @jonrohan jonrohan committed Dec 31, 2012
Showing with 2 additions and 1 deletion.
  1. BIN ZeroClipboard.swf
  2. +1 −0 docs/releases.md
  3. +1 −1 src/flash/ZeroClipboard.as
Binary file not shown.
@@ -3,6 +3,7 @@
To the future, 1.1.4 will address any bugs from the previous release.
* [SECURITY] Removing `flash.system.Security.allowDomain("*");` default. now should be set via flashvars.
+* [SECURITY] XSS Vunerability, the clipText returned from the flash object needs to be escaped.
### ZeroClipboard 1.1.1, 1.1.2, 1.1.3
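Review bot: The added [SECURITY] entry misspells "Vulnerability" as "Vunerability" and does not say what is actually escaped. Suggest rewording it so a reader of the release notes can tell what changed, for example that backslashes in the `clipText` handed back from the Flash object are now escaped, and noting that the fix ships in the rebuilt `ZeroClipboard.swf` included in this commit.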
@@ -86,7 +86,7 @@
// signal to the page it is done
ExternalInterface.call( 'ZeroClipboard.dispatch', 'complete', metaData(event, {
- text: clipText,
+ text: clipText.split("\\").join("\\\\"),
format: clipFormat
}));
}
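Review bot: Only backslashes in `text` are escaped, and only at this one `ExternalInterface.call`; `format: clipFormat` in the same object is passed through unescaped, as is anything else `metaData(event, ...)` contributes. If strings crossing into the page need their backslashes doubled, move the escaping into a small helper (or into `metaData` itself) so every string value is covered, and add a comment explaining why, since `clipText.split("\\").join("\\\\")` is not self-explanatory. Please also check that `clipText` cannot be null at this point, because `split` is now called on it directly.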
