#499 bug
kangjin jun

extractScripts evaluates code contained in HTML comments

Reported by kangjin jun | December 21st, 2008 @ 09:22 AM

This method evaluates code in comments.

Sample: <!-- <script> alert('1'); </script> -->

extractScripts: function() {
  var matchAll = new RegExp(Prototype.ScriptFragment, 'img');
  var matchOne = new RegExp(Prototype.ScriptFragment, 'im');
  return (this.match(matchAll) || []).map(function(scriptTag) {
    return (scriptTag.match(matchOne) || ['', ''])[1];
  });
},

Debugged code:

stripComments: function() {
  // The g flag removes every comment, not just the first one.
  return this.replace(/<!--[\S\s]*?-->/g, '');
},

extractScripts: function() {
  var matchAll = new RegExp(Prototype.ScriptFragment, 'img');
  var matchOne = new RegExp(Prototype.ScriptFragment, 'im');
  // Strip HTML comments first so commented-out scripts are not extracted.
  return (this.stripComments().match(matchAll) || []).map(function(scriptTag) {
    return (scriptTag.match(matchOne) || ['', ''])[1];
  });
},
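
The behaviour reported above, as a stand-alone example added here (not part of the ticket and not Prototype's own code): it compares extraction with no comment stripping, with a single replace, and with a global replace, and shows one side effect of stripping on scripts that use the legacy `<!-- ... //-->` hiding idiom. `SCRIPT_FRAGMENT` is assumed to match `Prototype.ScriptFragment` of that era; the function names and sample inputs are constructed for illustration.

```javascript
// Assumed copy of Prototype.ScriptFragment (1.6-era pattern).
const SCRIPT_FRAGMENT = '<script[^>]*>([\\S\\s]*?)<\\/script>';

// Same logic as the ticket's original extractScripts, as a plain function:
// every <script> block is matched, including ones inside HTML comments.
function extractScripts(html) {
  const matchAll = new RegExp(SCRIPT_FRAGMENT, 'img');
  const matchOne = new RegExp(SCRIPT_FRAGMENT, 'im');
  return (html.match(matchAll) || []).map(function (scriptTag) {
    return (scriptTag.match(matchOne) || ['', ''])[1];
  });
}

// Comment stripping; `all` toggles the g flag so both variants can be compared.
function stripComments(html, all) {
  return html.replace(new RegExp('<!--[\\S\\s]*?-->', all ? 'g' : ''), '');
}

function extractScriptsOutsideComments(html, all) {
  return extractScripts(stripComments(html, all));
}

// Constructed sample inputs.
const twoComments =
  '<p>a</p><!-- <script>first()</script> -->' +
  '<script>live()</script>' +
  '<!-- <script>second()</script> -->';
// Legacy idiom: script body wrapped in an HTML comment for old browsers.
const legacyHidden = '<script><!--\nlegacy()\n//--></script>';

// No stripping: both commented-out scripts are returned for evaluation.
console.log(extractScripts(twoComments));
// Single replace: only the first comment is removed, second() still leaks.
console.log(extractScriptsOutsideComments(twoComments, false));
// Global replace: only the live script remains.
console.log(extractScriptsOutsideComments(twoComments, true));
// Side effect: the legacy-wrapped script body is stripped to an empty string.
console.log(extractScriptsOutsideComments(legacyHidden, true));
```

A regex-based strip cannot tell a comment in markup from comment delimiters inside a script body, so callers that still receive legacy-wrapped scripts would see them silently dropped.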


The Prototype JavaScript library.
