Potentiel security bug corrected
Bug reproduction: 1) paste text containing HTML/JavaScript. 2) send 3) click "Raw text" 4) refresh: The HTML/JavaScript is interpreted instead of just displayed. Under some versions of Chrome, it happens without refreshing. This bug was corrected. (cherry picked from commit 4f8750bbddcb137213529875e45e3ace3be9a769)
parent
e7feca0e53
commit
daf5522b1e
1 changed files with 3 additions and 4 deletions
|
@ -439,10 +439,9 @@ function stateExistingPaste() {
|
||||||
*/
|
*/
|
||||||
function rawText()
|
function rawText()
|
||||||
{
|
{
|
||||||
history.pushState(document.title, document.title, 'document.txt');
|
var paste = $('div#cleartext').html();
|
||||||
var paste = $('div#cleartext').text();
|
var newDoc = document.open('text/html', 'replace');
|
||||||
var newDoc = document.open('text/plain', 'replace');
|
newDoc.write('<pre>'+paste+'</pre>');
|
||||||
newDoc.write(paste);
|
|
||||||
newDoc.close();
|
newDoc.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
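Review bot: The new body of rawText() is safe only because `.html()` serializes the text of `div#cleartext` with `<`, `>` and `&` still entity-escaped, and nothing in the code records that. I am reading the `.html()` / `'text/html'` / `'<pre>'+paste+'</pre>'` lines as the added side, since the page reports 3 additions and 4 deletions. A later cleanup could plausibly switch back to `.text()` with `'text/plain'` and reintroduce the script execution described in the commit message, so I would add a comment above the first statement: `// Keep .html() here, not .text(): the serialized markup stays entity-escaped, so write() cannot turn paste text into live HTML.` The fix also assumes that every writer to `div#cleartext` inserts the paste as text. If code outside this hunk adds real markup to that element, `write()` replays it into the new document, so that is worth confirming.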