Changeset 3332 for branches/2.2
- Timestamp:
- 10/06/10 12:00:56 (13 years ago)
- Location:
- branches/2.2/jabberit_messenger/jmessenger/js
- Files:
-
- 2 edited
branches/2.2/jabberit_messenger/jmessenger/js/trophyim.js
r3325 r3332 851 851 _text = _text.replace(/style/gi,"EVENT_DENY"); 852 852 853 // Tags HTML 854 _text = _text.replace(/img /gi,"IMG_DENY "); 855 856 _text = _text.replace(/script /gi,"SCRIPT_DENY "); 857 858 _text = _text.replace(/div /gi,"DIV_DENY "); 859 860 _text = _text.replace(/span /gi,"SPAN_DENY "); 861 862 _text = _text.replace(/iframe /gi,"IFRAME_DENY "); 863 853 864 _message.innerHTML = _text; 854 865 855 866 ////////// BEGIN XSS ////////////////////////////////////////////////// 856 867 // Delete Tags <SCRIPT> 857 var scripts = _message.getElementsByTagName('script ');868 var scripts = _message.getElementsByTagName('script_deny'); 858 869 for (var i = 0; i < scripts.length; i++){ _message.removeChild(scripts[i--]); } 859 870 //////////////////////////////////////////////////// 860 871 861 872 // Delete Tags <IMG> 862 var _imgSrc = _message.getElementsByTagName('img ');863 for (var i = 0; i < _imgSrc.length; i++){ _ message.removeChild( _imgSrc[i--] ); }873 var _imgSrc = _message.getElementsByTagName('img_deny'); 874 for (var i = 0; i < _imgSrc.length; i++){ _imgSrc[i].parentNode.removeChild( _imgSrc[i--] ); } 864 875 //////////////////////////////////////////////////// 865 876 866 877 // Delete Tags <DIV> 867 var _Div = _message.getElementsByTagName('div ');868 for (var i = 0; i < _Div.length; i++){ _ message.removeChild( _Div[i--] ); }878 var _Div = _message.getElementsByTagName('div_deny'); 879 for (var i = 0; i < _Div.length; i++){ _Div[i].parentNode.removeChild( _Div[i--] ); } 869 880 //////////////////////////////////////////////////// 870 881 871 882 // Delete Tags <SPAN> 872 var _Span = _message.getElementsByTagName('span ');873 for (var i = 0; i < _Span.length; i++){ _ message.removeChild( _Span[i--] ); }883 var _Span = _message.getElementsByTagName('span_deny'); 884 for (var i = 0; i < _Span.length; i++){ _Span[i].parentNode.removeChild( _Span[i--] ); } 874 885 //////////////////////////////////////////////////// 875 886 876 887 // Delete Tags 
<IFRAME> 877 var _Iframe = _message.getElementsByTagName('iframe ');878 for (var i = 0; i < _Iframe.length; i++){ _ message.removeChild( _Iframe[i--] ); }888 var _Iframe = _message.getElementsByTagName('iframe_deny'); 889 for (var i = 0; i < _Iframe.length; i++){ _Iframe[i].parentNode.removeChild( _Iframe[i--] ); } 879 890 880 891 // Delete Tags <A HREF> 881 892 var _aHref = _message.getElementsByTagName('a'); 882 for (var i = 0; i < _aHref.length; i++){ _message.removeChild( _aHref[i--] ); } 883 893 for (var i = 0; i < _aHref.length; i++){ _aHref[i].parentNode.removeChild( _aHref[i--] ); } 884 894 885 895 _message.innerHTML = _message.innerHTML.replace(/^\s+|\s+$|^\n|\n$/g, ""); -
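Review bot: The `script_deny` cleanup at new line 869 still calls `_message.removeChild(scripts[i--])`, while the sibling loops at 874, 879, 884, 889 and 893 were changed to `scripts[i].parentNode.removeChild(...)`; a renamed element nested below the top level will throw here and abort the rest of the cleanup, so line 869 should read `for (var i = 0; i < scripts.length; i++){ scripts[i].parentNode.removeChild(scripts[i--]); }`. More fundamentally, the new `_text.replace(/img /gi, "IMG_DENY ")` family only rewrites a tag name that is followed by a literal space, and the whole scheme is a blocklist applied to a string that is then assigned to `innerHTML`, so any markup the list does not name reaches the DOM unchanged; since the chat body is obtained with `Strophe.getText`, the robust fix is to treat it as text, i.e. replace the replace chain and the `innerHTML` assignment with `_message.appendChild(document.createTextNode(_text));` and apply the smiley substitution on escaped text, or, if HTML must be kept, use a DOM-based allowlist instead of regex rewriting. The regex rewrites also corrupt ordinary text (any occurrence of `style` or `div ` inside a word), which is worth a comment at line 853 such as `// NOTE: blocklist rewriting of raw text; mutates legitimate message content and is not a complete HTML sanitizer`. The enclosing function starts before line 851 and continues past line 895; the same code appears minified in trophyim.mini.js lines 132-137 and needs the identical change.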
branches/2.2/jabberit_messenger/jmessenger/js/trophyim.mini.js
r3325 r3332 130 130 {state="";chatStateOnOff=document.getElementById(jid_lower+"__chatStateOnOff");if(active.length>0&chatStateOnOff!=null) 131 131 {chatStateOnOff.value='on';} 132 var _message=document.createElement("div");var _text=Strophe.getText(elems[0]);_text=_text.replace(/onblur/gi,"EVENT_DENY");_text=_text.replace(/onchange/gi,"EVENT_DENY");_text=_text.replace(/onclick/gi,"EVENT_DENY");_text=_text.replace(/ondblclick/gi,"EVENT_DENY");_text=_text.replace(/onerror/gi,"EVENT_DENY");_text=_text.replace(/onfocus/gi,"EVENT_DENY");_text=_text.replace(/onkeydown/gi,"EVENT_DENY");_text=_text.replace(/onkeypress/gi,"EVENT_DENY");_text=_text.replace(/onkeyup/gi,"EVENT_DENY");_text=_text.replace(/onmousedown/gi,"EVENT_DENY");_text=_text.replace(/onmousemove/gi,"EVENT_DENY");_text=_text.replace(/onmouseout/gi,"EVENT_DENY");_text=_text.replace(/onmouseover/gi,"EVENT_DENY");_text=_text.replace(/onmouseup/gi,"EVENT_DENY");_text=_text.replace(/onresize/gi,"EVENT_DENY");_text=_text.replace(/onselect/gi,"EVENT_DENY");_text=_text.replace(/onunload/gi,"EVENT_DENY");_text=_text.replace(/style/gi,"EVENT_DENY");_ message.innerHTML=_text;var scripts=_message.getElementsByTagName('script');for(var i=0;i<scripts.length;i++){_message.removeChild(scripts[i--]);}133 var _imgSrc=_message.getElementsByTagName('img ');for(var i=0;i<_imgSrc.length;i++){_message.removeChild(_imgSrc[i--]);}134 var _Div=_message.getElementsByTagName('div ');for(var i=0;i<_Div.length;i++){_message.removeChild(_Div[i--]);}135 var _Span=_message.getElementsByTagName('span ');for(var i=0;i<_Span.length;i++){_message.removeChild(_Span[i--]);}136 var _Iframe=_message.getElementsByTagName('iframe ');for(var i=0;i<_Iframe.length;i++){_message.removeChild(_Iframe[i--]);}137 var _aHref=_message.getElementsByTagName('a');for(var i=0;i<_aHref.length;i++){_ message.removeChild(_aHref[i--]);}132 var _message=document.createElement("div");var 
_text=Strophe.getText(elems[0]);_text=_text.replace(/onblur/gi,"EVENT_DENY");_text=_text.replace(/onchange/gi,"EVENT_DENY");_text=_text.replace(/onclick/gi,"EVENT_DENY");_text=_text.replace(/ondblclick/gi,"EVENT_DENY");_text=_text.replace(/onerror/gi,"EVENT_DENY");_text=_text.replace(/onfocus/gi,"EVENT_DENY");_text=_text.replace(/onkeydown/gi,"EVENT_DENY");_text=_text.replace(/onkeypress/gi,"EVENT_DENY");_text=_text.replace(/onkeyup/gi,"EVENT_DENY");_text=_text.replace(/onmousedown/gi,"EVENT_DENY");_text=_text.replace(/onmousemove/gi,"EVENT_DENY");_text=_text.replace(/onmouseout/gi,"EVENT_DENY");_text=_text.replace(/onmouseover/gi,"EVENT_DENY");_text=_text.replace(/onmouseup/gi,"EVENT_DENY");_text=_text.replace(/onresize/gi,"EVENT_DENY");_text=_text.replace(/onselect/gi,"EVENT_DENY");_text=_text.replace(/onunload/gi,"EVENT_DENY");_text=_text.replace(/style/gi,"EVENT_DENY");_text=_text.replace(/img /gi,"IMG_DENY ");_text=_text.replace(/script /gi,"SCRIPT_DENY ");_text=_text.replace(/div /gi,"DIV_DENY ");_text=_text.replace(/span /gi,"SPAN_DENY ");_text=_text.replace(/iframe /gi,"IFRAME_DENY ");_message.innerHTML=_text;var scripts=_message.getElementsByTagName('script_deny');for(var i=0;i<scripts.length;i++){_message.removeChild(scripts[i--]);} 133 var _imgSrc=_message.getElementsByTagName('img_deny');for(var i=0;i<_imgSrc.length;i++){_imgSrc[i].parentNode.removeChild(_imgSrc[i--]);} 134 var _Div=_message.getElementsByTagName('div_deny');for(var i=0;i<_Div.length;i++){_Div[i].parentNode.removeChild(_Div[i--]);} 135 var _Span=_message.getElementsByTagName('span_deny');for(var i=0;i<_Span.length;i++){_Span[i].parentNode.removeChild(_Span[i--]);} 136 var _Iframe=_message.getElementsByTagName('iframe_deny');for(var i=0;i<_Iframe.length;i++){_Iframe[i].parentNode.removeChild(_Iframe[i--]);} 137 var _aHref=_message.getElementsByTagName('a');for(var i=0;i<_aHref.length;i++){_aHref[i].parentNode.removeChild(_aHref[i--]);} 138 138 
_message.innerHTML=_message.innerHTML.replace(/^\s+|\s+$|^\n|\n$/g,"");_message.innerHTML=loadscript.getSmiles(_message.innerHTML);if(type=='chat'||type=='normal') 139 139 {if(_message.hasChildNodes())