U4-7477 xss char stripping on data type names is being too agressive

2016-01-05 11:35:24 +01:00
parent 664aa3842d
commit 415aaf3e2b
2 changed files with 4 additions and 4 deletions
--- a/src/Umbraco.Web/Editors/DataTypeValidateAttribute.cs
+++ b/src/Umbraco.Web/Editors/DataTypeValidateAttribute.cs
@@ -42,8 +42,8 @@ namespace Umbraco.Web.Editors
        {
            var dataType = (DataTypeSave)actionContext.ActionArguments["dataType"];

-            dataType.Name = dataType.Name.CleanForXss();
-            dataType.Alias = dataType.Name.CleanForXss();
+            dataType.Name = dataType.Name.CleanForXss('[', ']', '(', ')');
+            dataType.Alias = dataType.Name.CleanForXss('[', ']', '(', ')');

            //Validate that the property editor exists
            var propertyEditor = PropertyEditorResolver.Current.GetByAlias(dataType.SelectedEditor);
--- a/src/Umbraco.Web/WebServices/SaveFileController.cs
+++ b/src/Umbraco.Web/WebServices/SaveFileController.cs
@@ -152,8 +152,8 @@ namespace Umbraco.Web.WebServices
            {
                t = new Template(templateId)
                {
-                    Text = templateName.CleanForXss(),
-                    Alias = templateAlias.CleanForXss(),
+                    Text = templateName.CleanForXss('[', ']', '(', ')'),
+                    Alias = templateAlias.CleanForXss('[', ']', '(', ')'),
                    Design = templateContents
                };