removing iframes from pasted content to prevent frame injection attack

Signed-off-by: Ananya Sen <Ananya.Sen@motorola.com>
author: Ananya Sen 2012-07-18 09:10:54 -0700
committer: Ananya Sen 2012-07-18 09:10:54 -0700
commit: f1ba6e97f4e171566f6785069ecfca627c132f25 (patch)
tree: 979f486c72588879301683b38ff92f273de55cea /js
parent: 1e9cd5ea63f06f264ea22be36ec565ee2bae1acc (diff)
download: ninja-f1ba6e97f4e171566f6785069ecfca627c132f25.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/js/clipboard/external-apps-clipboard-agent.js b/js/clipboard/external-apps-clipboard-agent.js
index 5a82314b..65410543 100644
--- a/js/clipboard/external-apps-clipboard-agent.js
+++ b/js/clipboard/external-apps-clipboard-agent.js
@@ -186,9 +186,10 @@ var ExternalAppsClipboardAgent = exports.ExternalAppsClipboardAgent = Montage.cr
    sanitize : {
        value: function(data){
            data = data.replace(/\<meta [^>]+>/gi, ""); // Remove meta tags
-            data = data.replace(/\<script [^>]+>/g," "); // Remove script tags
+            data = data.replace(/\<script [^>]+>/g," "); // Remove script tags to prevenet script injection attack
-            data = data.replace(/\<link [^>]+>/g," "); // Remove script tags
+            data = data.replace(/\<link [^>]+>/g," "); // Remove link tags to prevent unwanted css files that may corrupt the stage
-            data = data.replace(/\<xml [^>]+>/g," "); // Remove script tags
+            data = data.replace(/\<xml [^>]+>/g," "); // Remove xml tags since it works only for IE browsers
+            data = data.replace(/\<iframe [^>]+>/g," "); // Remove iframe tags to prevent iframe injection attack
            return data;
        }
author	Ananya Sen	2012-07-18 09:10:54 -0700
committer	Ananya Sen	2012-07-18 09:10:54 -0700
commit	f1ba6e97f4e171566f6785069ecfca627c132f25 (patch)
tree	979f486c72588879301683b38ff92f273de55cea /js
parent	1e9cd5ea63f06f264ea22be36ec565ee2bae1acc (diff)
download	ninja-f1ba6e97f4e171566f6785069ecfca627c132f25.tar.gz