bceba00a4907112f34e59e8d41001f1f9796ee8b - gwt

commit: bceba00a4907112f34e59e8d41001f1f9796ee8b
[log] [tgz]
author: gwt.team.knorton <gwt.team.knorton@8db76d5a-ed1c-0410-87a9-c151d255dfc7>
Tue Jul 24 00:35:32 2007 +0000
committer: gwt.team.knorton <gwt.team.knorton@8db76d5a-ed1c-0410-87a9-c151d255dfc7>
Tue Jul 24 00:35:32 2007 +0000
tree: 81c9d8ef0e49889c43892bd05b93095138d38cb1
parent: 687674a043da7fe9404da48c19709293c66d9989 [diff]

Fixes Issue #1421.
HistoryImplIE6 did a $doc.write of the unsanitized historyToken exposing an
XSS vulnerability. This fix adds html entity escaping to the token before
it is written.

Found by: akimpton
Review by: scottb, jgw



git-svn-id: https://google-web-toolkit.googlecode.com/svn/trunk@1257 8db76d5a-ed1c-0410-87a9-c151d255dfc7

user/src/com/google/gwt/user/client/impl/HistoryImplIE6.java[diff]

1 file changed

tree: 81c9d8ef0e49889c43892bd05b93095138d38cb1

build-tools/
dev/
distro-source/
doc/
eclipse/
jni/
samples/
servlet/
tools/
user/
build.xml
common.ant.xml
platforms.ant.xml