EbookFoundation
/
regluit
mirror of https://github.com/EbookFoundation/regluit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added defense against script injection via cookie setter [#24981847]

pull/1/head
eric 2012-03-14 00:32:20 -04:00
parent 89e6afe82c
commit 514550ea69
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
frontend/templates/registration/registration_base.html
View File

@ -18,6 +18,7 @@ $j(document).ready(function() {
var next = getQueryVariable('next'); var next = getQueryVariable('next');
var saved_next = $j.cookie('next'); var saved_next = $j.cookie('next');
if(next!=null) { if(next!=null) {
next = next.replace(/[\x22\x27\x3c\x3e]/g,'');
$j.cookie('next', next, {path: '/'}); $j.cookie('next', next, {path: '/'});
} else if(saved_next!=null){ } else if(saved_next!=null){
$j('#link-to-next').html("<a href='"+saved_next+"'> Click to continue after logging in...</a>"); $j('#link-to-next').html("<a href='"+saved_next+"'> Click to continue after logging in...</a>");