RWSN#54617 noscript toegevoegd aan de testpagina en XSS voorkomen

svn path=/Website/trunk/; revision=41555

APPL/FAC/fac_verify_client.asp

@@ -56,6 +56,14 @@ var ip = String(Request.ServerVariables("REMOTE_ADDR"));
     </style>
   </head>
 <body>
+
+  <noscript>
+    <div class="content aiai">
+      <h1 style="color:red">Aiai!</h1>
+      Javascript must be enabled to use FACILITOR.
+    </div>
+  </noscript>
+
   <script>
 
     $(function()
@@ -127,6 +135,7 @@ var ip = String(Request.ServerVariables("REMOTE_ADDR"));
               }
           }
       }
+
 */
 
       modernMsg = modernMsg.join("\n");
@@ -151,7 +160,7 @@ var ip = String(Request.ServerVariables("REMOTE_ADDR"));
                             + "<tr><td>Screen resolution: </td><td>" + resWidth + "x" + resHeight + "</td></tr>"
                             + "<tr><td>Viewport resolution: </td><td>" + scrnWidth + "x" + scrnHeight + "</td></tr></table>"
                             + "<br>Browser version:<br>"+navigator.userAgent+"<br><br>"
-                            + "<%=__DumpCollection(Session.Contents, { title: "Session", exclude: /ASPFIXATION|FACSESSIONID|RVT_TOKEN/i })%>"
+                            + "<%=safe.jsstring(__DumpCollection(Session.Contents, { title: "Session", exclude: /ASPFIXATION|FACSESSIONID|RVT_TOKEN/i }))%>"
                             + modernMsg
                             + "<br><br><span style='font-size:0.8em;'>FACILITOR <%=(toISODateTimeString(new Date()))%></span>"
                             + "<br><span style='font-size:0.8em;'><%=safe.jsstring(HTTP.urlzelf())%></span>");