Ticket #7910: secureJSON.diff
| File secureJSON.diff, 2.5 kB (added by Tobie, 2 years ago) |
test/unit/string.html
old new 409 409 attackTarget = "Not scared!"; 410 410 assertRaise('SyntaxError', function(){dangerous.evalJSON(true)}); 411 411 assertEqual("Not scared!", attackTarget); 412 }} 412 413 assertEqual('hello world!', ('/*-secure-\n' + valid + '\n*/').evalJSON().test); 414 var temp = Prototype.SecurityDelimiterPattern; 415 Prototype.SecurityDelimiterPattern = /^\/\*(.*)\*\/$/; // test custom delimiters. 416 assertEqual('hello world!', ('/*' + valid + '*/').evalJSON().test); 417 Prototype.SecurityDelimiterPattern = temp; 418 }} 413 419 }, 'testlog'); 414 420 // ]]> 415 421 </script> -
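Review bot: Neither added assertion feeds evalJSON a payload that itself spans several lines, so the tests cannot catch that the default `SecurityDelimiterPattern` uses `(.*)`, which in JavaScript stops at a line terminator; a pretty-printed body such as `/*-secure-\n{\n "test": "hello world!"\n}\n*/` would leave the wrapper in place and fail. A case along the lines of `assertEqual('hello world!', ('/*-secure-\n{\n"test": "hello world!"\n}\n*/').evalJSON().test);` next to the existing multi-line delimiter check would pin that. The custom-delimiter check also restores the global pattern by plain assignment at line 417, so if the runner's assertEqual throws on failure (I cannot confirm that from the hunk) every later test runs with the `/^\/\*(.*)\*\/$/` override; `try { ... } finally { Prototype.SecurityDelimiterPattern = temp; }` keeps the restore unconditional. The enclosing test function begins before this hunk.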
src/prototype.js
old new 19 19 20 20 ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)', 21 21 emptyFunction: function() {}, 22 K: function(x) { return x } 22 K: function(x) { return x }, 23 SecurityDelimiterPattern: /^\/\*-secure-\s*(.*)\s*\*\/\s*$/ 23 24 } 24 25 25 26 <%= include 'base.js', 'string.js' %> -
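Review bot: The new `SecurityDelimiterPattern` cannot match a wrapped payload that contains a newline, because `.` in `(.*)` does not cross line terminators, and it is also asymmetric — trailing whitespace is tolerated by `\s*$` while anything before the opening `/*` (a leading newline from a template, say) defeats the `^\/\*` anchor. Since both evalJSON and evalResponse fall back to the unstripped text when the pattern fails, a multi-line response is not unwrapped at all. `SecurityDelimiterPattern: /^\s*\/\*-secure-\s*([\s\S]*?)\s*\*\/\s*$/` accepts line breaks in the body and leading whitespace while still anchoring the whole string. A comment on the purpose would help readers of the constant too, e.g. `// Matches a "/*-secure- ... */" wrapper; group 1 is the payload. Wrapping JSON in a comment makes it inert when pulled in via <script src>.`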
src/string.js
old new 164 164 }, 165 165 166 166 evalJSON: function(sanitize) { 167 var json = this.sub(Prototype.SecurityDelimiterPattern, function(m){return m[1];}); 167 168 try { 168 if (!sanitize || (/^("(\\.|[^"\\\n\r])*?"|[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t])+?$/.test( this)))169 return eval('(' + this+ ')');169 if (!sanitize || (/^("(\\.|[^"\\\n\r])*?"|[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t])+?$/.test(json))) 170 return eval('(' + json + ')'); 170 171 } catch (e) {} 171 172 throw new SyntaxError('Badly formated JSON string: ' + this.inspect()); 172 173 }, -
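Review bot: The delimiter is stripped at line 167 regardless of `sanitize`, but when `sanitize` is omitted the unwrapped text still goes straight to `eval` at line 170 — the `-secure-` wrapper only makes a response inert as a cross-site `<script>` include, it does not make its contents safe to evaluate, and nothing in the method says so. A comment on the new line would prevent callers from treating the wrapper as a substitute for validation: `// Strip the anti-hijacking comment wrapper; this does NOT validate the body — pass sanitize=true to reject non-JSON before eval.` The replacement callback also assumes the pattern exposes the payload as capture group 1; with a custom pattern lacking a group, `m[1]` is undefined and the string "undefined" is what gets checked and evaluated, so the contract should be stated next to the `sub` call or guarded with `return m[1] !== undefined ? m[1] : m[0];`.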
src/ajax.js
old new 212 212 evalJSON: function() { 213 213 try { 214 214 var json = this.getHeader('X-JSON'); 215 return json ? eval('(' + json + ')') : null;215 return json ? json.evalJSON() : null; 216 216 } catch (e) { return null } 217 217 }, 218 218 219 219 evalResponse: function() { 220 220 try { 221 return eval(this.transport.responseText); 221 return eval(this.transport.responseText. 222 sub(Prototype.SecurityDelimiterPattern, function(m){ return m[1] })); 222 223 } catch (e) { 223 224 this.dispatchException(e); 224 225 }
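Review bot: `json.evalJSON()` at new line 215 is called without the `sanitize` argument, so the X-JSON header is still evaluated unchecked, exactly as the removed `eval('(' + json + ')')` did, even though the call now goes through a method that can validate; `json.evalJSON(true)` would make the header path reject anything that is not literal JSON before eval, at the cost of breaking servers that emit non-strict JSON in that header, which is a decision worth recording in a comment either way. The surrounding `catch (e) { return null }` also means a delimiter that fails to match (for example a multi-line wrapper) now degrades silently to `null` rather than surfacing the SyntaxError that evalJSON raises. The evalResponse hunk ends before that function's closing brace, so its remainder is outside this view.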