Author: nextgens
Date: 2006-05-16 20:01:08 +0000 (Tue, 16 May 2006)
New Revision: 8717
Modified:
trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
Log:
A hole in the content filter to allow nim posting
Modified: trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
2006-05-16 19:59:38 UTC (rev 8716)
+++ trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
2006-05-16 20:01:08 UTC (rev 8717)
@@ -972,11 +972,10 @@
// FIXME no form support for now; when we have NIM posting
support, reinstate, and
// LIMIT TO METHOD=GET !!!
- // nextgens : Why ? spiders ?
allowedTagsVerifiers.put(
"form",
- new CoreTagVerifier(
+ new FormTagVerifier(
"form",
new String[] {
"method",
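Review bot: The FIXME kept above `allowedTagsVerifiers.put(` still reads "no form support for now" and "LIMIT TO METHOD=GET", but after this change `form` tags pass the filter through `FormTagVerifier`, so the comment contradicts the code. I would replace it with something like `// Forms are allowed; FormTagVerifier forces action="/". See FormTagVerifier for what is (not) restricted.` so that someone auditing the filter reads the actual policy. The `put(...)` call continues past the end of this hunk, so the remaining attribute lists are not visible here.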
@@ -1583,6 +1582,28 @@
}
}
+ // We do not allow forms to act anywhere else than on /
+ static class FormTagVerifier extends CoreTagVerifier{
+ FormTagVerifier(
+ String tag,
+ String[] allowedAttrs,
+ String[] uriAttrs,
+ String[] eventAttrs) {
+ super(tag, allowedAttrs, uriAttrs, eventAttrs);
+ }
+
+ Hashtable sanitizeHash(
+ Hashtable h,
+ ParsedTag p,
+ HTMLParseContext pc) throws DataFilterException {
+ Hashtable hn = super.sanitizeHash(h, p, pc);
+ // Action has been previously sanitized, we force it :p
+ hn.put("action","/");
+
+ return hn;
+ }
+ }
+
static class MetaTagVerifier extends TagVerifier {
MetaTagVerifier() {
super("meta", new String[] { "id" });
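Review bot: `sanitizeHash` overwrites `action` but leaves `method` as whatever the parent verifier let through, and `"method"` is in the allowed attribute list at the call site, so a filtered page can apparently still carry `method="post"` aimed at the node's own `/`. The FIXME in the first hunk asks for GET only; if that is still the policy, add `hn.put("method", "get");` next to the action line. If POST is needed for NIM, say so in the class comment, and make sure the handler behind `/` validates the request itself rather than relying on the filter. The one-line comment above the class would also read better as a Javadoc stating that `action` is replaced unconditionally, including when the original tag had none.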