Timestamp:
07.06.2016 18:30:52 (4 years ago)
Author:
ak19
Message:

Had return statement back to front, returning true when meaning to return false and vice-versa.

Files:
1 modified

  • main/trunk/greenstone2/runtime-src/src/recpt/securitytools.cpp

    r28899 r30566  
    5555    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.235_-_URL_Escape_Before_Inserting_Untrusted_Data_into_HTML_URL_Parameter_Values 
    5656     
    57     WARNING: Do not encode complete or relative URL's with URL encoding! If untrusted input is meant to be placed into  
     57    WARNING: Do not encode complete or relative URLs with URL encoding! If untrusted input is meant to be placed into  
    5858    href, src or other URL-based attributes, it should be validated to make sure it does not point to an unexpected  
    59     protocol, especially Javascript links. URL's should then be encoded based on the context of display like any other 
    60     piece of data. For example, user driven URL's in HREF links should be attribute encoded. For example: 
     59    protocol, especially Javascript links. URLs should then be encoded based on the context of display like any other 
     60    piece of data. For example, user driven URLs in HREF links should be attribute encoded. For example: 
    6161 
    6262    String userURL = request.getParameter( "userURL" ) 
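Review bot: the apostrophe cleanup at lines 57-60 is a wording-only change to the quoted OWASP comment, and it is bundled into the same commit as the return-value fix further down. Consider committing it separately so the behavioural change in this file stands out in the history.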
     
    7474 
    7575  if(findword(here, end, "javascript:") != end) { 
    76     return true; 
    77   } 
    78   return false; 
     76    return false; 
     77  } 
     78  return true; 
    7979} 
    8080
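Review bot: at lines 76-78 nothing in the visible lines states what the boolean means, which is likely how the inverted return went unnoticed. Add a comment on the function saying that true means no "javascript:" was found in the input, and add a test with one URL that contains "javascript:" and one that does not. The check also looks for only this one scheme, while the OWASP text quoted in the comment above asks for validation that the URL does not point to any unexpected protocol; an allowlist of expected schemes would match that guidance more closely. Whether findword matches case-insensitively is not visible in this hunk and is worth confirming.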