yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/6.2.0' into 7.0.1

Browse Source 
Conflicts:
	src/Umbraco.Web.UI/umbraco/LiveEditing/Modules/SkinModule/ModuleInjector.aspx
	src/Umbraco.Web.UI/umbraco/Umbraco.aspx.cs
	src/Umbraco.Web/umbraco.presentation/umbraco/LiveEditing/Modules/SkinModule/ImageUploader.aspx.cs
	src/Umbraco.Web/umbraco.presentation/umbraco/dashboard.aspx.cs
	src/Umbraco.Web/umbraco.presentation/umbraco/developer/Cache/viewCacheItem.aspx.cs
	src/Umbraco.Web/umbraco.presentation/umbraco/developer/Macros/assemblyBrowser.aspx.cs
This commit is contained in:
Shannon
2013-12-04 13:50:55 +11:00
parent cb13b4a0e0 33aa4e2062
commit 5b7e9c712e
13 changed files with 36 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/Umbraco.Web/HttpRequestExtensions.cs
View File

@@ -17,13 +17,10 @@ namespace Umbraco.Web
/// <param name="request"></param>
/// <param name="key"></param>
/// <returns></returns>
public static string GetCleanedItem(this HttpRequest request, string key)
public static string CleanForXss(this HttpRequest request, string key)
{
var item = request.GetItemAsString(key);
//remove any html
item = item.StripHtml();
//strip out any potential chars involved with XSS
return item.ExceptChars(new HashSet<char>("(){}[];:%<>/\\|&'\"".ToCharArray()));
return item.CleanForXss();
}
/// <summary>