Changeset 242


Timestamp:
Mar 24, 2007, 8:32:46 AM (15 years ago)
Author:
andersk
Message:
HTML attributes need to be escaped.  (I don't really want to think about 
what kinds of XSS attacks this would have enabled, especially once we 
get *.scripts.mit.edu...)
File:
1 edited

  • vhosts/server.php

    r132 r242  
    5252?>
    5353<html>
    54 <head><title><?=$myTitle?></title></head>
     54<head><title><?=htmlspecialchars($myTitle)?></title></head>
    5555
    5656<frameset rows="*">
    57         <frame src="<?=$baseURL?><?=$req?>" />
     57        <frame src="<?=htmlspecialchars($baseURL . $req)?>" />
    5858</frameset>
    5959
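
Review bot: On the `<frame src="...">` line, `htmlspecialchars($baseURL . $req)` stops the value from closing the attribute, but it does not constrain which URL the frame loads. Nothing in this hunk shows `$baseURL . $req` being checked against an expected scheme and host, so that check should happen before output, or a comment here should point to where it is done. Also consider passing `ENT_QUOTES` and an explicit charset to both calls: the default flags escape only double quotes, which is enough for the double-quoted attribute as written but stops being enough if the markup is ever switched to single quotes.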