On Tue, May 10, 2005 14:55, Ulf Harnhammar wrote:
> Protecting against this type of attack is much more complicated than
> this. As Jeroen noted, HTML entities are interpreted, so you have to
> protect against things like "javascript:". Some browsers allow varying
> amounts of whitespace inside pro
(Sorry for not doing this as a real reply with the correct mail headers,
but I'm not subscribed to debian-security, I only read it on the web.)
> > | + $text = preg_replace('#(script|about|applet|activex|chrome):#is',
> > "\\1:", $text);
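Review bot: the pattern in this `preg_replace` line only matches one of five listed names followed directly by a literal `:`, so it is a blacklist that does not cover a colon written as an HTML entity or whitespace inside the scheme name, which are the cases raised elsewhere in this thread. Also, as the line is rendered here, the replacement `"\\1:"` writes back the matched name and the same colon, leaving `$text` unchanged; the replacement must emit something other than a literal colon for the substitution to have any effect. Consider decoding entities first and then accepting only an explicit allowlist of URL schemes instead of extending the list of rejected ones.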
> It looks like this is about preventing URLs like src="
On Mon, May 09, 2005 at 12:11:06PM +0200, Alexis Sukrieh wrote:
> Find attached a diff made against 2.0.15 and our last sid version.
>
> | + $text = preg_replace('#(script|about|applet|activex|chrome):#is',
> "\\1:", $text);
>
> It looks like this patch can be applied to close the bug.
Ok, bas
tags 308282 + patch
thanks
Hello.
According to the upstream forum, this security issue is resolved in
2.0.15.
Find attached a diff made against 2.0.15 and our last sid version.
It looks like this patch can be applied to close the bug.
Regards.
--
Alexis Sukr