This is an automated email from the git hooks/post-receive script. fsfs pushed a commit to annotated tag release/0.10-TRIAL in repository libhtml-scrubber-perl.
commit e281c77e07a30ca61635b9b6672291ea25859e87 Author: Nigel Metheringham <[email protected]> Date: Tue Feb 7 21:22:55 2012 +0000 RT3008 Changed examples to be XSS free --- Changes | 1 + lib/HTML/Scrubber.pm | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Changes b/Changes index 399943c..7d16e79 100644 --- a/Changes +++ b/Changes @@ -1,6 +1,7 @@ Revision history for Perl extension HTML::Scrubber. {{$NEXT}} + - RT3008 Changed examples to be XSS free 0.09 2011-04-01 16:35:50 Europe/London - Basic conversion to Dist::Zilla/git diff --git a/lib/HTML/Scrubber.pm b/lib/HTML/Scrubber.pm index 23ff39d..b018ea1 100644 --- a/lib/HTML/Scrubber.pm +++ b/lib/HTML/Scrubber.pm @@ -564,11 +564,11 @@ the default attribute rule is applied. 0 => # default rule, deny all tags { '*' => 1, # default rule, allow all attributes - 'href' => qr{^(?!(?:java)?script)}i, - 'src' => qr{^(?!(?:java)?script)}i, + 'href' => qr{^(?:http|https|ftp)://}i, + 'src' => qr{^(?:http|https|ftp)://}i, # If your perl doesn't have qr # just use a string with length greater than 1 - 'cite' => '(?i-xsm:^(?!(?:java)?script))', + 'cite' => '(?i-xsm:^(?:http|https|ftp):)', 'language' => 0, 'name' => 1, # could be sneaky, but hey ;) 'onblur' => 0, -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libhtml-scrubber-perl.git _______________________________________________ Pkg-perl-cvs-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
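Review bot: in the lib/HTML/Scrubber.pm hunk, the new 'cite' rule stops at `(?:http|https|ftp):` while the new 'href' and 'src' rules require `://`, so the string-form example is looser than the qr{} form directly above it. If both are meant to show the same scheme allowlist, use `'(?i-xsm:^(?:http|https|ftp)://)'` for 'cite' as well. The surrounding POD should also note that an allowlist anchored on these three schemes rejects relative URLs and schemes such as mailto:, which the old negative lookahead `^(?!(?:java)?script)` let through, so anyone copying the example knows to extend the list deliberately rather than fall back to a deny pattern.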
