On Thursday 11 December 2008 02:11, j16sdiz at freenetproject.org wrote:
> Author: j16sdiz
> Date: 2008-12-11 02:11:21 +0000 (Thu, 11 Dec 2008)
> New Revision: 24189
> 
> Modified:
>    trunk/plugins/XMLSpider/XMLSpider.java
> Log:
> store where we found the page (for debugging)
> 
> Modified: trunk/plugins/XMLSpider/XMLSpider.java
> ===================================================================
> --- trunk/plugins/XMLSpider/XMLSpider.java    2008-12-11 00:53:13 UTC (rev 
24188)
> +++ trunk/plugins/XMLSpider/XMLSpider.java    2008-12-11 02:11:21 UTC (rev 
24189)
...
>               }
>               
>               for (Page page : it)
> -                     out.append("<code>" + page.uri + "</code><br/>");
> +                     out.append("<code title=\"" + 
> page.comment.replace("\"", "&#34;") 
+ "\">" + page.uri + "</code><br/>");
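Review bot: The added `out.append` line escapes only the double quote in `page.comment` (`replace("\"", "&#34;")`) and still concatenates `page.uri` into the element body with no encoding at all, so `&`, `<` and `>` in either value reach the generated HTML unchanged. Pass both `page.comment` and `page.uri` through HTMLEncoder before appending and drop the hand-rolled `replace`. The removed line had the same unencoded `page.uri`, so the fix should cover the element content as well as the new `title` attribute.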

PLEASE encode these properly using HTMLEncoder. The above is a security risk. 
Both the old version and the new version. And several below too.