Fix a possible xss attack in iframe link
This commit is contained in:
Stefan
parent
175c29ff66
commit
02551d772c
|
|
@ -315,13 +315,13 @@ var padeditbar = (function()
|
||||||
{
|
{
|
||||||
var basePath = document.location.href.substring(0, document.location.href.indexOf("/p/"));
|
var basePath = document.location.href.substring(0, document.location.href.indexOf("/p/"));
|
||||||
var readonlyLink = basePath + "/p/" + clientVars.readOnlyId;
|
var readonlyLink = basePath + "/p/" + clientVars.readOnlyId;
|
||||||
$('#embedinput').val("<iframe name='embed_readonly' src='" + readonlyLink + "?showControls=true&showChat=true&showLineNumbers=true&useMonospaceFont=false' width=600 height=400></iframe>");
|
$('#embedinput').val('<iframe name="embed_readonly" src="' + readonlyLink + '?showControls=true&showChat=true&showLineNumbers=true&useMonospaceFont=false" width=600 height=400></iframe>');
|
||||||
$('#linkinput').val(readonlyLink);
|
$('#linkinput').val(readonlyLink);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
var padurl = window.location.href.split("?")[0];
|
var padurl = window.location.href.split("?")[0];
|
||||||
$('#embedinput').val("<iframe name='embed_readwrite' src='" + padurl + "?showControls=true&showChat=true&showLineNumbers=true&useMonospaceFont=false' width=600 height=400></iframe>");
|
$('#embedinput').val('<iframe name="embed_readwrite" src="' + padurl + '?showControls=true&showChat=true&showLineNumbers=true&useMonospaceFont=false" width=600 height=400></iframe>');
|
||||||
$('#linkinput').val(padurl);
|
$('#linkinput').val(padurl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue