mhonarc-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bug #2051] Query string including 'action=' not handled properly

2002-12-26 17:34:38
from [Gunnar Hjalmarsson] [Permanent Link] 
Gunnar:
I made MHonArc accept the occurrence of 'action=' in a query string by editing line 333 in mhtxthtml.pl: 

    $$data =~ s/(\s$UAttr\s*=\s*)([^\s'">][^\s>]+)
-----------------^^


Earl:


This is a known limitation.  The change you made allows
for scripting content to make it through the filtering,
so it will not be used.  Example:

<a href="/"onmouseover="javascript:alert('onmouseover');">Server Home</a>
Okay... Since I couldn't re-open the bug, let me make a new try here. How about: 

    $$data =~ s/([^\?&;]$UAttr\s*=\s*)([^\s'">][^\s>]+)
-----------------^^^^^^^

/ Gunnar


---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Inconsistent URL filtering?, Gunnar Hjalmarsson
Next by Date:  [Bug #2080] Redundant substitution, nobody
Previous by Thread:  [Bug #2051] Query string including 'action=' not handled properly, nobody
Next by Thread:  Re: [Bug #2051] Query string including 'action=' not handled properly, Earl Hood
Indexes:  [Date] [Thread] [Top] [All Lists]