Changeset 28898 for main/trunk/greenstone2/runtime-src/src
- Timestamp:
- 2014-03-14T17:13:56+13:00 (10 years ago)
- Location:
- main/trunk/greenstone2/runtime-src/src/recpt
- Files:
-
- 3 edited
main/trunk/greenstone2/runtime-src/src/recpt/receptionist.cpp
r28888 r28898 1532 1532 text_t attrsafe = encodeForHTMLAttr(macrovalue); 1533 1533 text_t urlsafe = encodeForURL(macrovalue); 1534 text_t jssafe = encodeForJavascript(macrovalue); 1534 text_t jssafe = encodeForJavascript(macrovalue); // with default setting will return \\x and \\u for macro files 1535 1535 text_t csssafe = encodeForCSS(macrovalue); 1536 1536 -
main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp
r28888 r28898 125 125 } 126 126 127 text_t encodeForJavascript(const text_t& in, const text_t& immuneChars) { 128 text_t out; 129 text_t::const_iterator here = in.begin(); 130 text_t::const_iterator end = in.end(); 131 while (here != end) { 132 out += encodeForJavascript(immuneChars, *here); // IMMUNE_JAVASCRIPT by default 133 ++here; 134 } 135 return out; 136 } 127 text_t encodeForJavascript(const text_t& in, const text_t& immuneChars, bool dmsafe) { 128 text_t out; 129 text_t::const_iterator here = in.begin(); 130 text_t::const_iterator end = in.end(); 131 while (here != end) { 132 out += encodeForJavascript(immuneChars, *here, dmsafe); // IMMUNE_JAVASCRIPT by default 133 ++here; 134 } 135 return out; 136 } 137 137 138 138 139 text_t encodeForMySQL(const text_t& in, const text_t& immuneChars, const SQLMode mode) { … … 259 260 260 261 // http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/JavaScriptCodec.java 261 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short in ) {262 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short in, bool dmsafe) { 262 263 263 264 text_t result = ""; … … 294 295 char hex_char[3]; 295 296 sprintf(hex_char,"%02X",in); 296 result = "\\x" + text_t(hex_char); 297 298 if(dmsafe) { // double escape backslashes for macro files 299 result = "\\\\x" + text_t(hex_char); 300 } else { 301 result = "\\x" + text_t(hex_char); 302 } 297 303 } 298 304 // otherwise encode with \\uHHHH … … 300 306 char hex_char[5]; 301 307 sprintf(hex_char,"%04X",in); 302 result = "\\u" + text_t(hex_char); 308 if(dmsafe) { // double escape backslashes for macro files 309 result = "\\\\u" + text_t(hex_char); 310 } else { 311 result = "\\u" + text_t(hex_char); 312 } 303 313 } 304 314 -
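Review bot: The `dmsafe` choice is spelled out twice as a four-line if/else, once in the `\x` branch (new lines 298-302) and once in the `\u` branch (new lines 308-312), so a later change to one escape form can leave the other behind and make the encoder inconsistent. Each pair collapses to a single statement using the same `const char* + text_t` concatenation the code already relies on: `result = (dmsafe ? "\\\\x" : "\\x") + text_t(hex_char);` and `result = (dmsafe ? "\\\\u" : "\\u") + text_t(hex_char);`. The body of the per-character overload runs outside the visible hunks, so whether any other branch emits a backslash that would need the same doubling cannot be confirmed from here.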
main/trunk/greenstone2/runtime-src/src/recpt/securitytools.h
r28888 r28898 25 25 text_t encodeForHTML(const text_t& input, const text_t& immuneChars=IMMUNE_HTML); 26 26 text_t encodeForURL(const text_t& input, const text_t& immuneChars=IMMUNE_URL); 27 text_t encodeForJavascript(const text_t& input, const text_t& immuneChars=IMMUNE_JAVASCRIPT );27 text_t encodeForJavascript(const text_t& input, const text_t& immuneChars=IMMUNE_JAVASCRIPT, bool dmsafe=true); 28 28 text_t encodeForHTMLAttr(const text_t& input, const text_t& immuneChars=IMMUNE_HTMLATTR); 29 29 text_t encodeForCSS(const text_t& input, const text_t& immuneChars=IMMUNE_CSS); … … 33 33 text_t encodeForHTML(const text_t& immuneChars, const unsigned short input); 34 34 text_t encodeForURL(const text_t& immuneChars, const unsigned short input); 35 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short input );35 text_t encodeForJavascript(const text_t& immuneChars, const unsigned short input, bool dmsafe); 36 36 text_t encodeForCSS(const text_t& immuneChars, const unsigned short input); 37 37 text_t encodeForMySQL(const text_t& immuneChars, const unsigned short input, const SQLMode mode);
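Review bot: Defaulting `dmsafe` to `true` on the string overload (new line 27) silently changes the output for every existing caller of `encodeForJavascript(input)`, which now receives `\\xHH` / `\\uHHHH` with a doubled backslash. That form is only correct where the result goes through macro-file processing afterwards, as the comment added at the receptionist.cpp call site says for that caller. A caller that writes the result straight into a script context would, as far as this diff shows, emit a literal backslash followed by `xHH` instead of the encoded character, so the remaining call sites should be audited and pass `false` where appropriate. The declaration should state the contract, for example `// dmsafe: double the backslash so the escape survives macro-file processing; pass false when the output is written directly into JavaScript`, and the per-character overload on new line 35, which has no default, should carry the same comment.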