diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-22 18:14:13 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-22 18:14:13 +0000 |
commit | 65cb0941933336f1e6502825398c255d1c4d858e (patch) | |
tree | 11ee75f6928885dd7b2a288c785cb7d30b23c602 /msec.in | |
parent | 8b2475f4e584d019268fec8ade22101de40acada (diff) | |
download | mandoc-65cb0941933336f1e6502825398c255d1c4d858e.tar.gz |
Security fix to prevent XSS attacks:
Restrict the character set of strings passed into html_alloc(),
in particular architecture names that come from the QUERY_STRING,
but also SCRIPT_NAME and manpath.conf content for additional safety,
and bail out safely on violations.
Issue reported by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
Diffstat (limited to 'msec.in')
0 files changed, 0 insertions, 0 deletions