Unified Diff: lib/filterClasses.js
Issue 29793555:
Issue 6704 - Prevent $rewrite filters from matching against request types that load code (Closed)
Patch Set:
Created May 29, 2018, 1:21 p.m.
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with comments
|
« no previous file
|
test/filterClasses.js » ('j')
|
no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| Index: lib/filterClasses.js |
| =================================================================== |
| --- a/lib/filterClasses.js |
| +++ b/lib/filterClasses.js |
| @@ -826,6 +826,17 @@ |
| } |
| } |
| + // For security reasons, never match $rewrite filters |
| + // against requests that might load any code to be executed. |
| + if (rewrite != null) |
| + { |
| + if (contentType == null) |
| + ({contentType} = RegExpFilter.prototype); |
| + contentType &= ~(RegExpFilter.typeMap.SCRIPT | |
| + RegExpFilter.typeMap.SUBDOCUMENT | |
| + RegExpFilter.typeMap.OBJECT); |
| + } |
| + |
| try |
| { |
| if (blocking) |
« no previous file with comments
|
« no previous file
|
test/filterClasses.js » ('j')
|
no next file with comments »
