Posted to commits@flex.apache.org by jm...@apache.org on 2016/11/03 06:43:36 UTC

git commit: [flex-sdk] [refs/heads/release4.16.0] - FLEX-35123 Fix DOM XSS vulnerability for very old versions of Safari

Repository: flex-sdk
Updated Branches:
  refs/heads/release4.16.0 2d698095a -> 4fa501472


FLEX-35123 Fix DOM XSS vulnerability for very old versions of Safari


Project: http://git-wip-us.apache.org/repos/asf/flex-sdk/repo
Commit: http://git-wip-us.apache.org/repos/asf/flex-sdk/commit/4fa50147
Tree: http://git-wip-us.apache.org/repos/asf/flex-sdk/tree/4fa50147
Diff: http://git-wip-us.apache.org/repos/asf/flex-sdk/diff/4fa50147

Branch: refs/heads/release4.16.0
Commit: 4fa501472d31de82d2f4cb29404c68c939099c69
Parents: 2d69809
Author: Justin Mclean <jm...@apache.org>
Authored: Thu Nov 3 17:43:14 2016 +1100
Committer: Justin Mclean <jm...@apache.org>
Committed: Thu Nov 3 17:43:14 2016 +1100

----------------------------------------------------------------------
 templates/swfobject/history/history.js | 23 ++---------------------
 1 file changed, 2 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flex-sdk/blob/4fa50147/templates/swfobject/history/history.js
----------------------------------------------------------------------
diff --git a/templates/swfobject/history/history.js b/templates/swfobject/history/history.js
index 4db119c..e0c3183 100644
--- a/templates/swfobject/history/history.js
+++ b/templates/swfobject/history/history.js
@@ -262,27 +262,8 @@ BrowserHistory = (function() {
             }
 
             if (browser.safari && !browserHasHashChange) {
-                // for Safari, submit a form whose action points to the desired URL
-                if (browser.version <= 419.3) {
-                    var file = window.location.pathname.toString();
-                    file = file.substring(file.lastIndexOf("/")+1);
-                    getFormElement().innerHTML = '<form name="historyForm" action="'+file+'#' + flexAppUrl + '" method="GET"></form>';
-                    //get the current elements and add them to the form
-                    var qs = window.location.search.substring(1);
-                    var qs_arr = qs.split("&");
-                    for (var i = 0; i < qs_arr.length; i++) {
-                        var tmp = qs_arr[i].split("=");
-                        var elem = document.createElement("input");
-                        elem.type = "hidden";
-                        elem.name = tmp[0];
-                        elem.value = tmp[1];
-                        document.forms.historyForm.appendChild(elem);
-                    }
-                    document.forms.historyForm.submit();
-                } else {
-                    top.location.hash = flexAppUrl;
-                }
-                // We also have to maintain the history by hand for Safari
+                top.location.hash = flexAppUrl;
+                // We have to maintain the history by hand for Safari
                 historyHash[history.length] = flexAppUrl;
                 _storeStates();
             } else {
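Review bot: The new unconditional `top.location.hash = flexAppUrl;` in the Safari branch carries no record of why the form-submission path was dropped, so a later compatibility fix could reintroduce the `innerHTML` string build that concatenated `flexAppUrl` into markup. A comment above the assignment such as `// FLEX-35123: set the hash directly; never build markup from flexAppUrl (DOM XSS)` would pin that down. `getFormElement()` is defined outside this hunk and presumably has no remaining caller after this change; if that is confirmed, removing it and the container element it manages would complete the cleanup. The enclosing function starts and ends outside the hunk, so other uses of `flexAppUrl` in it are not visible here.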