Removing malicious code from the name of a Stylesheet.

elitsa
2018-12-03 08:45:11 +01:00
parent 5f165d23db
commit 3a26fe8fe2
3 changed files with 4 additions and 4 deletions


@@ -190,7 +190,7 @@ namespace Umbraco.Core
return new string(outputArray);
}
private static readonly char[] CleanForXssChars = "*?(){}[];:%<>/\\|&'\"".ToCharArray();
private static readonly char[] CleanForXssChars = "*?(){}[];:%<>/\\|&'+\"".ToCharArray();
/// <summary>
/// Cleans string to aid in preventing xss attacks.
@@ -541,7 +541,7 @@ namespace Umbraco.Core
/// <returns>Returns the string without any html tags.</returns>
public static string StripHtml(this string text)
{
const string pattern = @"<(.|\n)*?>";
string pattern = "[*{}\\/:<>?|\"-+()\\n]";
return Regex.Replace(text, pattern, String.Empty);
}
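Review bot: The new pattern in StripHtml is a character class, so the method no longer removes tags as its `<returns>` doc promises; it deletes single characters and leaves tag names and attribute text in place (`<b>a</b>` becomes `bab`), and every existing caller now also loses `:`, `?`, `/`, parentheses and newlines from ordinary text. Inside the class, `\"-+` is parsed as a range from `"` to `+`, which additionally strips `#`, `$`, `%`, `&` and `'`, presumably by accident. Since the commit title is about a stylesheet name, I would keep `const string pattern = @"<(.|\n)*?>";` here and validate the name at the point where the stylesheet is saved (not visible in this hunk), ideally against an allow-list of file-name characters; if the class is kept, write the hyphen as `\\-`. Neither filter replaces output encoding where the name is rendered.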