Author: mafr
Date: Thu Jun 20 10:52:00 2013
New Revision: 1494921
URL: http://svn.apache.org/r1494921
Log:
Fix IFrame vulnerability in javadocs (CVE-2013-1571).
Files have been rewritten using Oracle's Java API Documentation Updater Tool.
Modified:
crunch/site/trunk/content/apidocs/0.3.0/index.html
crunch/site/trunk/content/apidocs/0.4.0/index.html
crunch/site/trunk/content/apidocs/0.5.0/index.html
crunch/site/trunk/content/apidocs/0.6.0/index.html
Modified: crunch/site/trunk/content/apidocs/0.3.0/index.html
URL:
http://svn.apache.org/viewvc/crunch/site/trunk/content/apidocs/0.3.0/index.html?rev=1494921&r1=1494920&r2=1494921&view=diff
==============================================================================
--- crunch/site/trunk/content/apidocs/0.3.0/index.html (original)
+++ crunch/site/trunk/content/apidocs/0.3.0/index.html Thu Jun 20 10:52:00 2013
@@ -13,6 +13,42 @@ Apache Crunch 0.3.0-incubating API
targetPage = targetPage.substring(1);
if (targetPage.indexOf(":") != -1)
targetPage = "undefined";
+ if (targetPage != "" && !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
function loadFrames() {
if (targetPage != "" && targetPage != "undefined")
top.classFrame.location = top.targetPage;
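Review bot: The `validURL` allow-list added here exists only as patched script inside checked-in generated pages (the identical block is repeated in the 0.4.0, 0.5.0 and 0.6.0 hunks), so apidocs regenerated or added later with a javadoc tool that lacks the fix would presumably be published without it. It is worth confirming that the site build uses a fixed javadoc and that no other apidocs directory was missed. The function also has no comment stating what it accepts; something like `// validURL: accept only a relative path ending in ".html" whose segments start with a letter, '$' or '_' (digits and '-' may follow), separated by single '/' or '.', with no '/' after a '.'` would make the rule reviewable, and the literal `5` would read better as `".html".length`. The surrounding script, including the code that derives `targetPage` and the rest of `loadFrames`, lies outside the hunk.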
Modified: crunch/site/trunk/content/apidocs/0.4.0/index.html
URL:
http://svn.apache.org/viewvc/crunch/site/trunk/content/apidocs/0.4.0/index.html?rev=1494921&r1=1494920&r2=1494921&view=diff
==============================================================================
--- crunch/site/trunk/content/apidocs/0.4.0/index.html (original)
+++ crunch/site/trunk/content/apidocs/0.4.0/index.html Thu Jun 20 10:52:00 2013
@@ -13,6 +13,42 @@ Apache Crunch 0.4.0-incubating API
targetPage = targetPage.substring(1);
if (targetPage.indexOf(":") != -1)
targetPage = "undefined";
+ if (targetPage != "" && !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
function loadFrames() {
if (targetPage != "" && targetPage != "undefined")
top.classFrame.location = top.targetPage;
Modified: crunch/site/trunk/content/apidocs/0.5.0/index.html
URL:
http://svn.apache.org/viewvc/crunch/site/trunk/content/apidocs/0.5.0/index.html?rev=1494921&r1=1494920&r2=1494921&view=diff
==============================================================================
--- crunch/site/trunk/content/apidocs/0.5.0/index.html (original)
+++ crunch/site/trunk/content/apidocs/0.5.0/index.html Thu Jun 20 10:52:00 2013
@@ -11,6 +11,42 @@
targetPage = targetPage.substring(1);
if (targetPage.indexOf(":") != -1)
targetPage = "undefined";
+ if (targetPage != "" && !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
function loadFrames() {
if (targetPage != "" && targetPage != "undefined")
top.classFrame.location = top.targetPage;
Modified: crunch/site/trunk/content/apidocs/0.6.0/index.html
URL:
http://svn.apache.org/viewvc/crunch/site/trunk/content/apidocs/0.6.0/index.html?rev=1494921&r1=1494920&r2=1494921&view=diff
==============================================================================
--- crunch/site/trunk/content/apidocs/0.6.0/index.html (original)
+++ crunch/site/trunk/content/apidocs/0.6.0/index.html Thu Jun 20 10:52:00 2013
@@ -13,6 +13,42 @@ Apache Crunch 0.6.0 API
targetPage = targetPage.substring(1);
if (targetPage.indexOf(":") != -1)
targetPage = "undefined";
+ if (targetPage != "" && !validURL(targetPage))
+ targetPage = "undefined";
+ function validURL(url) {
+ var pos = url.indexOf(".html");
+ if (pos == -1 || pos != url.length - 5)
+ return false;
+ var allowNumber = false;
+ var allowSep = false;
+ var seenDot = false;
+ for (var i = 0; i < url.length - 5; i++) {
+ var ch = url.charAt(i);
+ if ('a' <= ch && ch <= 'z' ||
+ 'A' <= ch && ch <= 'Z' ||
+ ch == '$' ||
+ ch == '_') {
+ allowNumber = true;
+ allowSep = true;
+ } else if ('0' <= ch && ch <= '9'
+ || ch == '-') {
+ if (!allowNumber)
+ return false;
+ } else if (ch == '/' || ch == '.') {
+ if (!allowSep)
+ return false;
+ allowNumber = false;
+ allowSep = false;
+ if (ch == '.')
+ seenDot = true;
+ if (ch == '/' && seenDot)
+ return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
function loadFrames() {
if (targetPage != "" && targetPage != "undefined")
top.classFrame.location = top.targetPage;