admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UWVA#72186 Toevallig zie ik een XSS door missende safe.html

Browse Source 
svn path=/Website/branches/v2022.1/; revision=55663
This commit is contained in:
Jos Groot Lipman
2022-04-21 13:57:39 +00:00
parent 4ccd1c8d92
commit 01db15b4b9
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
APPL/CAD/LoadInsLegenda.asp
View File

@@ -137,8 +137,8 @@ var lastDisc = -1; // Tussen/title regeltjes
src="mysymbol.asp?forceBW=1&paperColor=0&sizeX=72&sizeY=72&scale=950&offsetX=3&offsetY=3&srtdeel=<%=oRs("ins_srtdeel_key").value%>" src="mysymbol.asp?forceBW=1&paperColor=0&sizeX=72&sizeY=72&scale=950&offsetX=3&offsetY=3&srtdeel=<%=oRs("ins_srtdeel_key").value%>"
<%= (objectmove ? " onmousedown='(function(evt){evt.preventDefault && evt.preventDefault()})(event)'" : "")%> > <%= (objectmove ? " onmousedown='(function(evt){evt.preventDefault && evt.preventDefault()})(event)'" : "")%> >
</td> </td>
<td class="leginsname" title="<%=oRs("ins_srtgroep_omschrijving").value%>"> <td class="leginsname" title="<%=safe.htmlattr(oRs("ins_srtgroep_omschrijving").value)%>">
<%=oRs("ins_srtdeel_omschrijving").value + "<span class='leginsnr' title='"+safe.htmlattr(L("lcl_fg_obj_aantal").format(oRs("aantal").value))+"'>(" + oRs("aantal").value + "x)</span>"%> <%=safe.html(oRs("ins_srtdeel_omschrijving").value) + "<span class='leginsnr' title='"+safe.htmlattr(L("lcl_fg_obj_aantal").format(oRs("aantal").value))+"'>(" + oRs("aantal").value + "x)</span>"%>
</td> </td>
</tr> </tr>
<% } <% }