nginx: src/core/ngx_string.c comparison

msie_refresh should escape at least '"' to prevent XSS

comparison

equal deleted inserted replaced

-:4ec0bc95172b
+:458e041fc902
 0xffffffff, /* 1111 1111 1111 1111  1111 1111 1111 1111 */
 0xffffffff, /* 1111 1111 1111 1111  1111 1111 1111 1111 */
 0xffffffff  /* 1111 1111 1111 1111  1111 1111 1111 1111 */
 };
+/* " ", """, "'", %00-%1F, %7F-%FF */
-switch (type) {
-case NGX_ESCAPE_HTML:
+static uint32_t   refresh[] = {
-escape = html;
+0xffffffff, /* 1111 1111 1111 1111  1111 1111 1111 1111 */
-break;
-case NGX_ESCAPE_ARGS:
+/* ?>=< ;:98 7654 3210  /.-, +*)( '&%$ #"!  */
-escape = args;
+0x00000085, /* 0000 0000 0000 0000  0000 0000 1000 0101 */
-break;
-default:
+/* _^]\ [ZYX WVUT SRQP  ONML KJIH GFED CBA@ */
-escape = uri;
+0x00000000, /* 0000 0000 0000 0000  0000 0000 0000 0000 */
-break;
-}
+/*  ~}| {zyx wvut srqp  onml kjih gfed cba` */
+0x80000000, /* 1000 0000 0000 0000  0000 0000 0000 0000 */
+0xffffffff, /* 1111 1111 1111 1111  1111 1111 1111 1111 */
+0xffffffff, /* 1111 1111 1111 1111  1111 1111 1111 1111 */
+0xffffffff, /* 1111 1111 1111 1111  1111 1111 1111 1111 */
+0xffffffff  /* 1111 1111 1111 1111  1111 1111 1111 1111 */
+};
+static uint32_t  *map[] = { uri, args, html, refresh };
+escape = map[type];
 if (dst == NULL) {
 /* find the number of the characters to be escaped */

Mercurial > hg > nginx