Mejorada seguridad contra ataques XSS
This commit is contained in:
parent
19731fd618
commit
93791063d0
|
@ -110,6 +110,7 @@ setcookie ('hedera_version', Web::getVersion ());
|
|||
|
||||
$basePath = 'pages/'. $page;
|
||||
|
||||
header ("Content-Security-Policy: default-src 'self'; img-src *");
|
||||
header ('Content-Type: text/html; charset=utf-8');
|
||||
|
||||
if (file_exists ($basePath))
|
||||
|
|
|
@ -68,7 +68,7 @@ Vn.Module = new Class
|
|||
var klassName = this.toCamelCase (this.moduleName);
|
||||
|
||||
try {
|
||||
this.klass = eval (klassName);
|
||||
this.klass = Vn[klassName];
|
||||
}
|
||||
catch (e)
|
||||
{
|
||||
|
@ -85,7 +85,7 @@ Vn.Module = new Class
|
|||
|
||||
,toCamelCase: function (dashedName)
|
||||
{
|
||||
var camelCase = 'Vn.'+ dashedName.charAt (0).toUpperCase ();
|
||||
var camelCase = dashedName.charAt (0).toUpperCase ();
|
||||
camelCase += dashedName.substr (1).replace (/\w\-\w/g, function (token)
|
||||
{
|
||||
return token.charAt (0) + token.charAt (2).toUpperCase ();
|
||||
|
|
|
@ -527,19 +527,9 @@ Vn.Builder = new Class
|
|||
,_getMethod: function (value)
|
||||
{
|
||||
if (this.signalData)
|
||||
var methodName = 'this.signalData.'+ value;
|
||||
var method = this.signalData[value];
|
||||
else
|
||||
var methodName = value;
|
||||
|
||||
var method;
|
||||
|
||||
try {
|
||||
method = eval (methodName);
|
||||
}
|
||||
catch (e)
|
||||
{
|
||||
method = undefined;
|
||||
}
|
||||
var method = window[value];
|
||||
|
||||
if (method === undefined)
|
||||
this._showError ('Function \'%s\' not found', value);
|
||||
|
|
|
@ -44,7 +44,7 @@ Vn.Locale =
|
|||
if (request.status == 200)
|
||||
{
|
||||
try {
|
||||
this.add (eval ('('+ request.responseText +')'));
|
||||
this.add (JSON.parse (request.responseText));
|
||||
success = true;
|
||||
}
|
||||
catch (e) {
|
||||
|
|
Loading…
Reference in New Issue