authorAnanya Sen2012-07-18 09:10:54 -0700
committerAnanya Sen2012-07-18 09:10:54 -0700
commitf1ba6e97f4e171566f6785069ecfca627c132f25 (patch)
tree979f486c72588879301683b38ff92f273de55cea
parent1e9cd5ea63f06f264ea22be36ec565ee2bae1acc (diff)
downloadninja-f1ba6e97f4e171566f6785069ecfca627c132f25.tar.gz
removing iframes from pasted content to prevent frame injection attack
Signed-off-by: Ananya Sen <Ananya.Sen@motorola.com>
-rw-r--r--js/clipboard/external-apps-clipboard-agent.js7
1 files changed, 4 insertions, 3 deletions
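--- a/js/clipboard/external-apps-clipboard-agent.js
+++ b/js/clipboard/external-apps-clipboard-agent.js
@@ -186,9 +186,10 @@ var ExternalAppsClipboardAgent = exports.ExternalAppsClipboardAgent = Montage.cr
 sanitize : {
 value: function(data){
 data = data.replace(/\<meta [^>]+>/gi, ""); // Remove meta tags
-data = data.replace(/\<script [^>]+>/g," "); // Remove script tags
-data = data.replace(/\<link [^>]+>/g," "); // Remove script tags
-data = data.replace(/\<xml [^>]+>/g," "); // Remove script tags
+data = data.replace(/\<script [^>]+>/g," "); // Remove script tags to prevenet script injection attack
+data = data.replace(/\<link [^>]+>/g," "); // Remove link tags to prevent unwanted css files that may corrupt the stage
+data = data.replace(/\<xml [^>]+>/g," "); // Remove xml tags since it works only for IE browsers
+data = data.replace(/\<iframe [^>]+>/g," "); // Remove iframe tags to prevent iframe injection attack
 
 return data;
 }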
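Review bot: The added `<iframe` pattern (like the script, link and xml patterns above it) is case-sensitive and matches only an opening tag whose name is followed by a literal space and at least one more character, so markup with different casing, another whitespace character after the tag name, or no attributes passes through `sanitize` unchanged, and closing tags and element content are kept. At minimum bring the flags in line with the meta pattern, e.g. `data = data.replace(/<iframe\b[^>]*>/gi, " ");`, and apply the same change to the script, link and xml lines. Regex stripping of HTML is hard to make complete; a sturdier approach is to parse the pasted string into an inert document (for example with `DOMParser`), drop every element and attribute that is not on an allowlist, and serialize the result. The object that holds `sanitize` continues outside the hunk, so how the returned string is inserted into the stage is not visible here.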