lelo
Starting Member
7 Posts |
Posted - 21 May 2002 : 06:39:01
quote:
in your inc_functions.asp, in the ReplaceImageTags function find this section of code:

strUrlText = replace(strUrlText, """", "") ' ## filter out "
'## Added to exclude Javascript and other potentially hazardous characters
strUrlText = replace(strUrlText, "&", "", 1, -1, 1) ' ## filter out &
strUrlText = replace(strUrlText, "#", "", 1, -1, 1) ' ## filter out #
strUrlText = replace(strUrlText, ";", "", 1, -1, 1) ' ## filter out ;
strUrlText = replace(strUrlText, "+", "", 1, -1, 1) ' ## filter out +
strUrlText = replace(strUrlText, "(", "", 1, -1, 1) ' ## filter out (
strUrlText = replace(strUrlText, ")", "", 1, -1, 1) ' ## filter out )
strUrlText = replace(strUrlText, "[", "", 1, -1, 1) ' ## filter out [
strUrlText = replace(strUrlText, "]", "", 1, -1, 1) ' ## filter out ]
strUrlText = replace(strUrlText, "=", "", 1, -1, 1) ' ## filter out =
strUrlText = replace(strUrlText, "*", "", 1, -1, 1) ' ## filter out *
strUrlText = replace(strUrlText, "'", "", 1, -1, 1) ' ## filter out '
strUrlText = replace(strUrlText, "javascript", "", 1, -1, 1) ' ## filter out javascript

add the following to that section:

strUrlText = replace(strUrlText, "vbscript", "", 1, -1, 1) ' ## filter out vbscript
strUrlText = replace(strUrlText, "mailto", "", 1, -1, 1) ' ## filter out mailto
In 3.3.02 the first part isn't there, only:

quote:
strUrlText = replace(strUrlText, """", "") ' ## filter out "
strUrlText = replace(strUrlText, "<", "") ' ## filter out <
strUrlText = replace(strUrlText, ">", "") ' ## filter out >
strResultString = strResultString & roTag & strUrlText & rcTag & strArray2(1)

So I made it like this:

quote:
strUrlText = replace(strUrlText, """", "") ' ## filter out "
strUrlText = replace(strUrlText, "<", "") ' ## filter out <
strUrlText = replace(strUrlText, ">", "") ' ## filter out >
strUrlText = replace(strUrlText, "&", "", 1, -1, 1) ' ## filter out &
strUrlText = replace(strUrlText, "#", "", 1, -1, 1) ' ## filter out #
strUrlText = replace(strUrlText, ";", "", 1, -1, 1) ' ## filter out ;
strUrlText = replace(strUrlText, "+", "", 1, -1, 1) ' ## filter out +
strUrlText = replace(strUrlText, "(", "", 1, -1, 1) ' ## filter out (
strUrlText = replace(strUrlText, ")", "", 1, -1, 1) ' ## filter out )
strUrlText = replace(strUrlText, "[", "", 1, -1, 1) ' ## filter out [
strUrlText = replace(strUrlText, "]", "", 1, -1, 1) ' ## filter out ]
strUrlText = replace(strUrlText, "=", "", 1, -1, 1) ' ## filter out =
strUrlText = replace(strUrlText, "*", "", 1, -1, 1) ' ## filter out *
strUrlText = replace(strUrlText, "'", "", 1, -1, 1) ' ## filter out '
strUrlText = replace(strUrlText, "javascript", "", 1, -1, 1) ' ## filter out javascript
strUrlText = replace(strUrlText, "vbscript", "", 1, -1, 1) ' ## filter out vbscript
strUrlText = replace(strUrlText, "mailto", "", 1, -1, 1) ' ## filter out mailto
strResultString = strResultString & roTag & strUrlText & rcTag & strArray2(1)

Is it a good change?
Edited by - lelo on 21 May 2002 06:42:43 |
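
Added example (not part of the post above and not Snitz code): a Python port of the merged replace() chain, run next to an allowlist check that rejects a URL instead of rewriting it, to show what the chain does to ordinary image URLs. The allowlist policy (http/https only, the listed extensions, the permitted character set) and all sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Tokens removed by the merged chain in the post, in the same order.
STRIPPED = ['"', "<", ">", "&", "#", ";", "+", "(", ")", "[", "]",
            "=", "*", "'", "javascript", "vbscript", "mailto"]

def strip_filter(url_text):
    """Port of the replace() chain: one case-insensitive pass per token."""
    for token in STRIPPED:
        url_text = re.sub(re.escape(token), "", url_text, flags=re.IGNORECASE)
    return url_text

# Assumed allowlist policy, not taken from the forum software.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_EXT = (".gif", ".jpg", ".jpeg", ".png")
SAFE_CHARS = re.compile(r"[A-Za-z0-9._~:/?&=%+-]+")  # no quotes, <, >, spaces

def validate_image_url(url_text):
    """Return the URL unchanged if it passes the allowlist, else None."""
    if not SAFE_CHARS.fullmatch(url_text):
        return None
    parts = urlsplit(url_text)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    if not parts.path.lower().endswith(ALLOWED_EXT):
        return None
    return url_text

# Constructed sample inputs.
SAMPLES = [
    "http://example.com/pics/cat.gif",         # plain image URL
    "http://example.com/img.png?id=7&size=2",  # query string uses = and &
    "http://example.com/mailtoday/logo.gif",   # path contains "mailto"
    "JavaScript:void(0)",                      # non-http scheme, mixed case
]

def compare(samples=SAMPLES):
    """Return (input, strip-filter output, allowlist result) per sample."""
    return [(s, strip_filter(s), validate_image_url(s)) for s in samples]

if __name__ == "__main__":
    for raw, stripped, validated in compare():
        print(f"{raw!r}\n  strip     -> {stripped!r}\n  allowlist -> {validated!r}")
```

The chain turns the second and third samples into different URLs that no longer point at the original image, while the allowlist passes them through untouched and returns None for the fourth.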