ashatora/openlayers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Since the Sundials is our primary KML + bubbles example, put in some naive

Browse Source 
Javascript <script> injection protection, so that people are at least aware
of the issue. This will search for <script and if it exists, escape the content
so that it doesn't execute. 


git-svn-id: http://svn.openlayers.org/trunk/openlayers@7679 dc9f47b5-9b13-0410-9fdd-eb0c1a62fdaf
This commit is contained in:
crschmidt
2008-08-02 21:56:25 +00:00
parent f1882f0efa
commit d437dec91c
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
examples/sundials.html
+7 -1
View File
@@ -45,10 +45,16 @@
} }
function onFeatureSelect(feature) { function onFeatureSelect(feature) {
selectedFeature = feature; selectedFeature = feature;
// Since KML is user-generated, do naive protection against
// Javascript.
var content = "<h2>"+feature.attributes.name + "</h2>" + feature.attributes.description;
if (content.search("<script") != -1) {
content = "Content contained Javascript! Escaped content below.<br />" + content.replace(/</g, "&lt;");
}
popup = new OpenLayers.Popup.FramedCloud("chicken", popup = new OpenLayers.Popup.FramedCloud("chicken",
feature.geometry.getBounds().getCenterLonLat(), feature.geometry.getBounds().getCenterLonLat(),
new OpenLayers.Size(100,100), new OpenLayers.Size(100,100),
"<h2>"+feature.attributes.name + "</h2>" + feature.attributes.description, content,
null, true, onPopupClose); null, true, onPopupClose);
feature.popup = popup; feature.popup = popup;
map.addPopup(popup); map.addPopup(popup);