Author: nextgens
Date: 2006-05-16 20:30:21 +0000 (Tue, 16 May 2006)
New Revision: 8719
Modified:
trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
Log:
Content filter now forbids <input type="file"> as it can be harmful
Modified: trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
2006-05-16 20:01:38 UTC (rev 8718)
+++ trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
2006-05-16 20:30:21 UTC (rev 8719)
@@ -988,7 +988,7 @@
new String[] { "onsubmit", "onreset" }));
allowedTagsVerifiers.put(
"input",
- new CoreTagVerifier(
+ new InputTagVerifier(
"input",
new String[] {
"accesskey",
@@ -1499,6 +1499,7 @@
hn.put(name, arg);
}
}
+
return hn;
}
}
@@ -1604,6 +1605,28 @@
}
}
+ static class InputTagVerifier extends CoreTagVerifier{
+ InputTagVerifier(
+ String tag,
+ String[] allowedAttrs,
+ String[] uriAttrs,
+ String[] eventAttrs) {
+ super(tag, allowedAttrs, uriAttrs, eventAttrs);
+ }
+
+ Hashtable sanitizeHash(
+ Hashtable h,
+ ParsedTag p,
+ HTMLParseContext pc) throws DataFilterException {
+ Hashtable hn = super.sanitizeHash(h, p, pc);
+ // We dont want to allow type=file
+ if(((String)hn.get("type")).equalsIgnoreCase("file"))
+ return null;
+
+ return hn;
+ }
+ }
+
static class MetaTagVerifier extends TagVerifier {
MetaTagVerifier() {
super("meta", new String[] { "id" });
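Review bot: In the new `InputTagVerifier.sanitizeHash`, `((String)hn.get("type")).equalsIgnoreCase("file")` dereferences the lookup result without a null check, so an `<input>` tag that carries no `type` attribute (or whose `type` was removed by `super.sanitizeHash`) would throw a NullPointerException instead of being passed through. The same holds if the superclass can return null for `hn`, which is not visible in this hunk. A null-safe form is `if (hn == null) return null;` followed by `Object type = hn.get("type");` and `if (type instanceof String && ((String) type).trim().equalsIgnoreCase("file")) return null;`. The lookup also presumably relies on the parser lower-casing attribute names before they reach `hn`; that is worth confirming, since a differently cased key would skip the check. A short comment stating what returning null means to the caller (presumably that the whole tag is dropped) would make the intent of the filter explicit.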