good catch Marco. the code previously stripped out newlines and equal signs (intended to keep people from adding bookmarks that could overwrite other config options), but didn't handle internationalized characters or other control characters. A patch to strip all but specifically allowed characters is up in freenet at: CHK at w014DiybqbvMAz4-bnDwaU1UgFcOAwI,s9jeq1A4D7Aj5F6KZDxCLA/bookmarkManagerServlet_internationalizedSafe.diff (this is a cvs diff -c src/freenet/node/http/BookmarkManagerServlet.java)
Toad's kinda busy atm doing nio stuff, so if anyone with commit privs could toss that on there, that'd be cool. Basically, it has four sets of rules for the four different bookmark attributes. All attributes support the current' character set's alphanumerics, plus: key: "-/.,@!#$^*()_" title: "-/.,@!#$^*()_ " description: "-/.,@!#$^*()_ " activelinkFile: "." So any character that isn't a letter, number, or part of the appropriate allowed set outlined above is removed. If anyone can think of any other characters that should be added to one of those lists, or characters that should be removed, please let me know (or mod the code). gracias, -jrandom !+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+ CryptoMail provides free end-to-end message encryption. http://www.cryptomail.org/ Ensure your right to privacy. Traditional email messages are not secure. They are sent as clear-text and thus are readable by anyone with the motivation to acquire a copy. !+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+!+ _______________________________________________ devl mailing list devl at freenetproject.org http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
