Fixes potential xss

Shannon
2013-12-04 12:42:40 +11:00
parent d4514844f8
commit 1efa75c891
4 changed files with 31 additions and 15 deletions


@@ -20,10 +20,7 @@ namespace Umbraco.Web
public static string GetCleanedItem(this HttpRequest request, string key)
{
var item = request.GetItemAsString(key);
//remove any html
item = item.StripHtml();
//strip out any potential chars involved with XSS
return item.ExceptChars(new HashSet<char>("(){}[];:%<>/\\|&'\"".ToCharArray()));
return item.CleanForXss();
}
/// <summary>
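Review bot: The single call `return item.CleanForXss();` now carries the whole sanitisation contract of GetCleanedItem, yet nothing at the call site says what it strips or for which output context the result is safe. CleanForXss is defined outside this hunk, so whether it still removes everything the old StripHtml plus character-denylist pair removed cannot be confirmed from here; a unit test pinning that equivalence would be worth adding. Character filtering on input does not replace encoding at the point of output, so I would add a comment such as `// Input filtering only; callers must still encode the value for the HTML, attribute, JS or URL context it is written into.` If GetItemAsString can return null for a missing key, the extension also has to tolerate a null receiver, which should be checked.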