Posted to dev@xalan.apache.org by gg...@apache.org on 2019/04/21 22:41:22 UTC
[xalan-site] 31/36: Fix Javadoc vulnerability.
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch git-svn
in repository https://gitbox.apache.org/repos/asf/xalan-site.git
commit e8088de01cf53cc580eacd724b7709e0eca2996e
Author: Michael Glavassevich <mr...@apache.org>
AuthorDate: Mon Jul 29 18:53:53 2013 +0000
Fix Javadoc vulnerability.
---
docs/xalan/xalan-j/apidocs/index.html | 36 +++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/docs/xalan/xalan-j/apidocs/index.html b/docs/xalan/xalan-j/apidocs/index.html
index 56f50f3..588af80 100644
--- a/docs/xalan/xalan-j/apidocs/index.html
+++ b/docs/xalan/xalan-j/apidocs/index.html
@@ -12,6 +12,42 @@ Generated Documentation (Untitled)
targetPage = targetPage.substring(1);
if (targetPage.indexOf(":") != -1)
targetPage = "undefined";
+ if (targetPage != "" && !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
function loadFrames() {
if (targetPage != "" && targetPage != "undefined")
top.classFrame.location = top.targetPage;
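Review bot: The allowlist in `validURL` has no comment stating what it accepts, and two of its rules are easy to misread when auditing it. `url.indexOf(".html")` returns the first occurrence, so any name containing an earlier `.html` is rejected outright, and `seenDot` rejects every `/` that follows a `.`, so dots are only tolerated in the final file name. I would add a header comment such as `// Accepts only a relative path of identifier-like segments ending in a single ".html"; rejects schemes, a leading "/", "//", "..", "%" and any other character.` Separately, the new check is applied to `targetPage` while `loadFrames` navigates to `top.targetPage`; these are the same value only when this page is the top-level window, so reading `targetPage` at the sink as well would keep the validated value and the used value identical. `loadFrames` continues past the end of the hunk, and the hunk header suggests this is generated Javadoc output, so the check may be lost if the page is regenerated with an unpatched tool.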