You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2013/06/19 11:52:19 UTC
svn commit: r866307 -
/websites/production/commons/content/proper/commons-validator/testapidocs/index.html
Author: sebb
Date: Wed Jun 19 09:52:19 2013
New Revision: 866307
Log:
Apply fix for CVE-2013-1571, a frame injection attack
Modified:
websites/production/commons/content/proper/commons-validator/testapidocs/index.html
Modified: websites/production/commons/content/proper/commons-validator/testapidocs/index.html
==============================================================================
--- websites/production/commons/content/proper/commons-validator/testapidocs/index.html (original)
+++ websites/production/commons/content/proper/commons-validator/testapidocs/index.html Wed Jun 19 09:52:19 2013
@@ -1,34 +1,70 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
-<!-- NewPage -->
-<html lang="en">
-<head>
-<!-- Generated by javadoc on Sun Mar 03 13:33:11 EST 2013 -->
-<meta http-equiv="Content-Type" content="text/html" charset="iso-8859-1">
-<title>Commons Validator 1.4.1-SNAPSHOT Test API</title>
-<script type="text/javascript">
- targetPage = "" + window.location.search;
- if (targetPage != "" && targetPage != "undefined")
- targetPage = targetPage.substring(1);
- if (targetPage.indexOf(":") != -1)
- targetPage = "undefined";
- function loadFrames() {
- if (targetPage != "" && targetPage != "undefined")
- top.classFrame.location = top.targetPage;
- }
-</script>
-</head>
-<frameset cols="20%,80%" title="Documentation frame" onload="top.loadFrames()">
-<frameset rows="30%,70%" title="Left frames" onload="top.loadFrames()">
-<frame src="overview-frame.html" name="packageListFrame" title="All Packages">
-<frame src="allclasses-frame.html" name="packageFrame" title="All classes and interfaces (except non-static nested types)">
-</frameset>
-<frame src="overview-summary.html" name="classFrame" title="Package, class and interface descriptions" scrolling="yes">
-<noframes>
-<noscript>
-<div>JavaScript is disabled on your browser.</div>
-</noscript>
-<h2>Frame Alert</h2>
-<p>This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client. Link to <a href="overview-summary.html">Non-frame version</a>.</p>
-</noframes>
-</frameset>
-</html>
\ No newline at end of file
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
+<!-- NewPage -->
+<html lang="en">
+<head>
+<!-- Generated by javadoc on Sun Mar 03 13:33:11 EST 2013 -->
+<meta http-equiv="Content-Type" content="text/html" charset="iso-8859-1">
+<title>Commons Validator 1.4.1-SNAPSHOT Test API</title>
+<script type="text/javascript">
+ targetPage = "" + window.location.search;
+ if (targetPage != "" && targetPage != "undefined")
+ targetPage = targetPage.substring(1);
+ if (targetPage.indexOf(":") != -1)
+ targetPage = "undefined";
+ if (targetPage != "" && !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
+ function loadFrames() {
+ if (targetPage != "" && targetPage != "undefined")
+ top.classFrame.location = top.targetPage;
+ }
+</script>
+</head>
+<frameset cols="20%,80%" title="Documentation frame" onload="top.loadFrames()">
+<frameset rows="30%,70%" title="Left frames" onload="top.loadFrames()">
+<frame src="overview-frame.html" name="packageListFrame" title="All Packages">
+<frame src="allclasses-frame.html" name="packageFrame" title="All classes and interfaces (except non-static nested types)">
+</frameset>
+<frame src="overview-summary.html" name="classFrame" title="Package, class and interface descriptions" scrolling="yes">
+<noframes>
+<noscript>
+<div>JavaScript is disabled on your browser.</div>
+</noscript>
+<h2>Frame Alert</h2>
+<p>This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client. Link to <a href="overview-summary.html">Non-frame version</a>.</p>
+</noframes>
+</frameset>
+</html>