Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need to escape id3 tags #7

Open
GoogleCodeExporter opened this issue Apr 21, 2015 · 2 comments
Open

Need to escape id3 tags #7

GoogleCodeExporter opened this issue Apr 21, 2015 · 2 comments
Labels
auto-migrated Component-Scripts Priority-Medium Security Type-Defect

Comments

@GoogleCodeExporter
Copy link 

A malicious id3 tag may cause security risk if displayed directly
1. id3 tag containing html markup might adversely affect display
2. an intentionally constructed id3 tag might embed an undesired javascript
into a page.

The solution is to either not display tags, or escape them before displaying.

Original issue reported on code.google.com by mico.dr...@gmail.com on 20 Sep 2009 at 6:55
@GoogleCodeExporter
Copy link
Author 

OPEN:
AnOggPlayer.hx

FIND:
comments = comments +"=\""+StringTools.replace(comment[1],"\"","\"\"")+"\";";

REPLACE WITH:
comments = comments +"=\""+StringTools. htmlEscape 
(StringTools.replace(comment[1],"\"","\"\""))+"\";";

Original comment by Yahav.Sh...@gmail.com on 18 Aug 2010 at 3:20

@GoogleCodeExporter
Copy link
Author 

REPLACE WITH:
comments = comments 
+"=\""+StringTools.htmlEscape(StringTools.replace(comment[1],"\"","\"\""))+"\";"
;


(REMOVED THE SPACES)

Original comment by Yahav.Sh...@gmail.com on 18 Aug 2010 at 3:21

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Component-Scripts Priority-Medium Security Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter