Searched hist:"1 ca2719c7488662ebd7964c0d026e0890f923ee9" (Results 1 – 1 of 1) sorted by relevance

/dokuwiki/inc/parser/
xhtml.php
5a2f326fba4cd3f692b56807e5a169b54253fda9 Tue Jun 14 17:58:44 UTC 2011 Andreas Gohr <andi@splitbrain.org> Revert "Only allow known protocols in RSS links"

This reverts commit 1ca2719c7488662ebd7964c0d026e0890f923ee9 as it is
now superseded by a6b82e436e3d68a42a6556165d6aaf9249db44cd

b52b15965611fc865058c0331b55e4e9bccabd2e Tue Jun 14 17:50:29 UTC 2011 Andreas Gohr <andi@splitbrain.org> only allow configured URL schemes in external links

This fixes a problem where JavaScript could be introduced through
specially crafted RSS feeds on a lower level than the commit from
yesterday (1ca2719c7488662ebd7964c0d026e0890f923ee9)

This also fixes a problem where JavaScript links could be introduced by
specifying it as an RSS URL: the resulting error message displays a
link to the broken feed URL. This patch makes sure there's no working
link for unknown protocols.

1ca2719c7488662ebd7964c0d026e0890f923ee9 Sat Jun 11 15:12:39 UTC 2011 Andreas Gohr <andi@splitbrain.org> Only allow known protocols in RSS links

This fixes a security vulnerability where an attacker could introduce
JavaScript links into wiki pages by including a prepared RSS feed.