You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@xalan.apache.org by gg...@apache.org on 2019/04/21 22:41:22 UTC

[xalan-site] 31/36: Fix Javadoc vulnerability.

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch git-svn
in repository https://gitbox.apache.org/repos/asf/xalan-site.git

commit e8088de01cf53cc580eacd724b7709e0eca2996e
Author: Michael Glavassevich <mr...@apache.org>
AuthorDate: Mon Jul 29 18:53:53 2013 +0000

    Fix Javadoc vulnerability.
---
 docs/xalan/xalan-j/apidocs/index.html | 36 +++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/docs/xalan/xalan-j/apidocs/index.html b/docs/xalan/xalan-j/apidocs/index.html
index 56f50f3..588af80 100644
--- a/docs/xalan/xalan-j/apidocs/index.html
+++ b/docs/xalan/xalan-j/apidocs/index.html
@@ -12,6 +12,42 @@ Generated Documentation (Untitled)
         targetPage = targetPage.substring(1);
     if (targetPage.indexOf(":") != -1)
         targetPage = "undefined";
+    if (targetPage != "" && !validURL(targetPage))
+        targetPage = "undefined";
+    function validURL(url) {
+        var pos = url.indexOf(".html");
+        if (pos == -1 || pos != url.length - 5)
+            return false;
+        var allowNumber = false;
+        var allowSep = false;
+        var seenDot = false;
+        for (var i = 0; i < url.length - 5; i++) {
+            var ch = url.charAt(i);
+            if ('a' <= ch && ch <= 'z' ||
+                    'A' <= ch && ch <= 'Z' ||
+                    ch == '$' ||
+                    ch == '_') {
+                allowNumber = true;
+                allowSep = true;
+            } else if ('0' <= ch && ch <= '9'
+                    || ch == '-') {
+                if (!allowNumber)
+                     return false;
+            } else if (ch == '/' || ch == '.') {
+                if (!allowSep)
+                    return false;
+                allowNumber = false;
+                allowSep = false;
+                if (ch == '.')
+                     seenDot = true;
+                if (ch == '/' && seenDot)
+                     return false;
+            } else {
+                return false;
+            }
+        }
+        return true;
+    }
     function loadFrames() {
         if (targetPage != "" && targetPage != "undefined")
              top.classFrame.location = top.targetPage;


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@xalan.apache.org
For additional commands, e-mail: dev-help@xalan.apache.org