zcy
/
svgedit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Require extensions to begin with "ext-" and end with ".js" to prevent URL-prompted loading of other files within the extPath. 

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2712 eee81c28-f429-11dd-99c0-75d572ba1ddd
master
Brett Zamir 2014-02-19 05:26:46 +00:00
parent 48f6dd42ca
commit bb75f34ec3
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
editor/svg-editor.js
View File

@ -537,6 +537,9 @@ TO-DOS
var extFunc = function() { var extFunc = function() {
$.each(curConfig.extensions, function() { $.each(curConfig.extensions, function() {
var extname = this; var extname = this;
if (!extname.match(/^ext-.*\.js/)) { // Ensure URL cannot specify some other unintended file in the extPath
return;
}
$.getScript(curConfig.extPath + extname, function(d) { $.getScript(curConfig.extPath + extname, function(d) {
// Fails locally in Chrome 5 // Fails locally in Chrome 5
if (!d) { if (!d) {