File: html-textarea-xss.diff

tcllib 1.14-dfsg-3+deb7u1
  • area: main
  • in suites: wheezy
Author: upstream
Description: Patch fixes an XSS vulnerability in <textarea/> HTML element in
    the html Tcllib module
Last-Modified: Mon, 09 Mar 2015 15:06:15 +0300

--- a/modules/html/html.tcl
+++ b/modules/html/html.tcl
@@ -912,7 +912,7 @@
 #	The html fragment
 
 proc ::html::textarea {name {param {}} {current {}}} {
-    ::set value [ncgi::value $name $current]
+    ::set value [quoteFormValue [ncgi::value $name $current]]
     return "<[string trimright \
 	"textarea name=\"$name\"\
 		[tagParam textarea $param]"]>$value</textarea>\n"
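
Review bot: The escaping covers only `$value`; in the same return statement `name=\"$name\"` still interpolates `$name` into a double-quoted attribute unescaped. If any caller can derive the field name from request data, a `"` in it would break out of the attribute, so consider passing it through `quoteFormValue` as well, or state in the proc's header comment that `name` must be trusted. The comment block above the proc should also record that the returned fragment now contains the value HTML-quoted, so callers that already pass a quoted `current` know to expect double-encoding. A regression test with a value containing `</textarea>` and `&` would pin the new behaviour.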