0
1
Fork 0

Mejorada seguridad contra ataques XSS

This commit is contained in:
Juan Ferrer Toribio 2016-07-23 00:36:38 +02:00
parent 19731fd618
commit 93791063d0
4 changed files with 6 additions and 15 deletions

View File

@ -110,6 +110,7 @@ setcookie ('hedera_version', Web::getVersion ());
$basePath = 'pages/'. $page; $basePath = 'pages/'. $page;
header ("Content-Security-Policy: default-src 'self'; img-src *");
header ('Content-Type: text/html; charset=utf-8'); header ('Content-Type: text/html; charset=utf-8');
if (file_exists ($basePath)) if (file_exists ($basePath))

View File

@ -68,7 +68,7 @@ Vn.Module = new Class
var klassName = this.toCamelCase (this.moduleName); var klassName = this.toCamelCase (this.moduleName);
try { try {
this.klass = eval (klassName); this.klass = Vn[klassName];
} }
catch (e) catch (e)
{ {
@ -85,7 +85,7 @@ Vn.Module = new Class
,toCamelCase: function (dashedName) ,toCamelCase: function (dashedName)
{ {
var camelCase = 'Vn.'+ dashedName.charAt (0).toUpperCase (); var camelCase = dashedName.charAt (0).toUpperCase ();
camelCase += dashedName.substr (1).replace (/\w\-\w/g, function (token) camelCase += dashedName.substr (1).replace (/\w\-\w/g, function (token)
{ {
return token.charAt (0) + token.charAt (2).toUpperCase (); return token.charAt (0) + token.charAt (2).toUpperCase ();

View File

@ -527,19 +527,9 @@ Vn.Builder = new Class
,_getMethod: function (value) ,_getMethod: function (value)
{ {
if (this.signalData) if (this.signalData)
var methodName = 'this.signalData.'+ value; var method = this.signalData[value];
else else
var methodName = value; var method = window[value];
var method;
try {
method = eval (methodName);
}
catch (e)
{
method = undefined;
}
if (method === undefined) if (method === undefined)
this._showError ('Function \'%s\' not found', value); this._showError ('Function \'%s\' not found', value);

View File

@ -44,7 +44,7 @@ Vn.Locale =
if (request.status == 200) if (request.status == 200)
{ {
try { try {
this.add (eval ('('+ request.responseText +')')); this.add (JSON.parse (request.responseText));
success = true; success = true;
} }
catch (e) { catch (e) {