There's a bug in the _Clean function such that the entire string may not get cleaned correctly to prevent XSS.
IE. A string "<h1>hello</h1>bogus</div>" returns "<h1>hello</h1>bogus</div>" which obviously is not correct.
Original Code:
NetWebServerWorker._Clean PROCEDURE (String p_html)
loc:Html String(NET:MaxBinData)
x long
y long
code
loc:Html = p_Html
x = len(clip(loc:Html))
y = 0
loop
y += 1
if y > x then break.
case val(loc:html[y])
of 60 ! <
orof 62 ! >
orof 34 ! "
orof 35 ! #
orof 39 ! '
orof 59 ! ;
orof 38 ! &
loc:html = sub(loc:html,1,y-1) & '&#' & val(loc:html[y]) &';' & sub(loc:html,y+1,size(loc:html)-y)
y += 4
End
end
return clip(loc:Html)
New Code - Note the insertion of x+=4 to increase the len string...
NetWebServerWorker._Clean PROCEDURE (String p_html)
loc:Html String(NET:MaxBinData)
x long
y long
code
loc:Html = p_Html
x = len(clip(loc:Html))
y = 0
loop
y += 1
if y > x then break.
case val(loc:html[y])
of 60 ! <
orof 62 ! >
orof 34 ! "
orof 35 ! #
orof 39 ! '
orof 59 ! ;
orof 38 ! &
loc:html = sub(loc:html,1,y-1) & '&#' & val(loc:html[y]) &';' & sub(loc:html,y+1,size(loc:html)-y)
y += 4
x += 4 ! offset length since we just inserted more
End
end
return clip(loc:Html)
I would suggest this gets fixed in a subsequent release.
HTH
Topic: NOTE: Issue with NetWebServerWorker._Clean in NETWEB.CLW / 4.29 (Read 14018 times)