Skip to content

Commit

Permalink
Merge pull request #3 from ilatypov/master
Browse files Browse the repository at this point in the history 
Avoid an XSS issue #2
  • Loading branch information
@victorwon
victorwon committed May 18, 2017
2 parents 170cf6c + 739ce8c commit 020dd92
Show file tree
Hide file tree
Showing 95 changed files with 1,644 additions and 88 deletions.
16 changes: 15 additions & 1 deletion FlatCalXP/demos/Classic/iflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<script type='text/javascript'>
var gd=new Date(), gToday=[gd.getFullYear(),gd.getMonth()+1,gd.getDate()];
var ua=navigator.userAgent.toLowerCase();
Expand All @@ -9,6 +9,20 @@
var NN4=false,NS6=ua.indexOf("netscape6/6.0")!=-1,IE4=IE&&!document.getElementById,IE5=IE&&![].push&&!IE4;
var gfSelf=fGetById(parent.document,self.name);
var gTheme=self.name.split(":");
if (/[\\'("`;\r\n]/.test(self.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = self.name;
// Set default values for subsequent script tags
self.name="gToday:normal:agenda.js";
gTheme=self.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=parent,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/Classic/nflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<style type="text/css">
.cxpNS {text-align:left;}
.cxpLT {text-decoration:line-through;}
Expand All @@ -13,6 +13,20 @@
var MAC=ua.indexOf('mac')!=-1,NN4=true,OP=NS6=IE5=IE4=IE=KO3=KO=SA=SA1=GK=OP8=false;
var gfSelf=this;
var gTheme=this.name.split(":");
if (/[\\'("`;\r\n]/.test(gfSelf.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = gfSelf.name;
// Set default values for subsequent script tags
gfSelf.name="gToday:normal:agenda.js";
gTheme=gfSelf.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=self,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/Fin445/iflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<script type='text/javascript'>
var gd=new Date(), gToday=[gd.getFullYear(),gd.getMonth()+1,gd.getDate()];
var ua=navigator.userAgent.toLowerCase();
Expand All @@ -9,6 +9,20 @@
var NN4=false,NS6=ua.indexOf("netscape6/6.0")!=-1,IE4=IE&&!document.getElementById,IE5=IE&&![].push&&!IE4;
var gfSelf=fGetById(parent.document,self.name);
var gTheme=self.name.split(":");
if (/[\\'("`;\r\n]/.test(self.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = self.name;
// Set default values for subsequent script tags
self.name="gToday:normal:agenda.js";
gTheme=self.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=parent,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/Fin445/nflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<style type="text/css">
.cxpNS {text-align:left;}
.cxpLT {text-decoration:line-through;}
Expand All @@ -13,6 +13,20 @@
var MAC=ua.indexOf('mac')!=-1,NN4=true,OP=NS6=IE5=IE4=IE=KO3=KO=SA=SA1=GK=OP8=false;
var gfSelf=this;
var gTheme=this.name.split(":");
if (/[\\'("`;\r\n]/.test(gfSelf.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = gfSelf.name;
// Set default values for subsequent script tags
gfSelf.name="gToday:normal:agenda.js";
gTheme=gfSelf.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=self,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/Fullsized/iflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<script type='text/javascript'>
var gd=new Date(), gToday=[gd.getFullYear(),gd.getMonth()+1,gd.getDate()];
var ua=navigator.userAgent.toLowerCase();
Expand All @@ -9,6 +9,20 @@
var NN4=false,NS6=ua.indexOf("netscape6/6.0")!=-1,IE4=IE&&!document.getElementById,IE5=IE&&![].push&&!IE4;
var gfSelf=fGetById(parent.document,self.name);
var gTheme=self.name.split(":");
if (/[\\'("`;\r\n]/.test(self.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = self.name;
// Set default values for subsequent script tags
self.name="gToday:normal:agenda.js";
gTheme=self.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=parent,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/Fullsized/nflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<style type="text/css">
.cxpNS {text-align:left;}
.cxpLT {text-decoration:line-through;}
Expand All @@ -13,6 +13,20 @@
var MAC=ua.indexOf('mac')!=-1,NN4=true,OP=NS6=IE5=IE4=IE=KO3=KO=SA=SA1=GK=OP8=false;
var gfSelf=this;
var gTheme=this.name.split(":");
if (/[\\'("`;\r\n]/.test(gfSelf.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = gfSelf.name;
// Set default values for subsequent script tags
gfSelf.name="gToday:normal:agenda.js";
gTheme=gfSelf.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=self,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/HelloWorld/iflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<script type='text/javascript'>
var gd=new Date(), gToday=[gd.getFullYear(),gd.getMonth()+1,gd.getDate()];
var ua=navigator.userAgent.toLowerCase();
Expand All @@ -9,6 +9,20 @@
var NN4=false,NS6=ua.indexOf("netscape6/6.0")!=-1,IE4=IE&&!document.getElementById,IE5=IE&&![].push&&!IE4;
var gfSelf=fGetById(parent.document,self.name);
var gTheme=self.name.split(":");
if (/[\\'("`;\r\n]/.test(self.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = self.name;
// Set default values for subsequent script tags
self.name="gToday:normal:agenda.js";
gTheme=self.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=parent,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/HelloWorld/nflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<style type="text/css">
.cxpNS {text-align:left;}
.cxpLT {text-decoration:line-through;}
Expand All @@ -13,6 +13,20 @@
var MAC=ua.indexOf('mac')!=-1,NN4=true,OP=NS6=IE5=IE4=IE=KO3=KO=SA=SA1=GK=OP8=false;
var gfSelf=this;
var gTheme=this.name.split(":");
if (/[\\'("`;\r\n]/.test(gfSelf.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = gfSelf.name;
// Set default values for subsequent script tags
gfSelf.name="gToday:normal:agenda.js";
gTheme=gfSelf.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=self,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/MockupSibling/iflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<script type='text/javascript'>
var gd=new Date(), gToday=[gd.getFullYear(),gd.getMonth()+1,gd.getDate()];
var ua=navigator.userAgent.toLowerCase();
Expand All @@ -9,6 +9,20 @@
var NN4=false,NS6=ua.indexOf("netscape6/6.0")!=-1,IE4=IE&&!document.getElementById,IE5=IE&&![].push&&!IE4;
var gfSelf=fGetById(parent.document,self.name);
var gTheme=self.name.split(":");
if (/[\\'("`;\r\n]/.test(self.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = self.name;
// Set default values for subsequent script tags
self.name="gToday:normal:agenda.js";
gTheme=self.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=parent,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/MockupSibling/nflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<style type="text/css">
.cxpNS {text-align:left;}
.cxpLT {text-decoration:line-through;}
Expand All @@ -13,6 +13,20 @@
var MAC=ua.indexOf('mac')!=-1,NN4=true,OP=NS6=IE5=IE4=IE=KO3=KO=SA=SA1=GK=OP8=false;
var gfSelf=this;
var gTheme=this.name.split(":");
if (/[\\'("`;\r\n]/.test(gfSelf.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = gfSelf.name;
// Set default values for subsequent script tags
gfSelf.name="gToday:normal:agenda.js";
gTheme=gfSelf.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=self,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/MultiPicker/iflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<script type='text/javascript'>
var gd=new Date(), gToday=[gd.getFullYear(),gd.getMonth()+1,gd.getDate()];
var ua=navigator.userAgent.toLowerCase();
Expand All @@ -9,6 +9,20 @@
var NN4=false,NS6=ua.indexOf("netscape6/6.0")!=-1,IE4=IE&&!document.getElementById,IE5=IE&&![].push&&!IE4;
var gfSelf=fGetById(parent.document,self.name);
var gTheme=self.name.split(":");
if (/[\\'("`;\r\n]/.test(self.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = self.name;
// Set default values for subsequent script tags
self.name="gToday:normal:agenda.js";
gTheme=self.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=parent,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/MultiPicker/nflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<style type="text/css">
.cxpNS {text-align:left;}
.cxpLT {text-decoration:line-through;}
Expand All @@ -13,6 +13,20 @@
var MAC=ua.indexOf('mac')!=-1,NN4=true,OP=NS6=IE5=IE4=IE=KO3=KO=SA=SA1=GK=OP8=false;
var gfSelf=this;
var gTheme=this.name.split(":");
if (/[\\'("`;\r\n]/.test(gfSelf.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = gfSelf.name;
// Set default values for subsequent script tags
gfSelf.name="gToday:normal:agenda.js";
gTheme=gfSelf.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=self,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down
16 changes: 15 additions & 1 deletion FlatCalXP/demos/Popup/iflateng.htm
View file
@@ -1,6 +1,6 @@
<html>
<head>
<title>FlatCalendarXP 10.0.0 - Copyright Idemfactor Solutions, Inc.</title>
<title>FlatCalendarXP 10.0.1 - Copyright Idemfactor Solutions, Inc.</title>
<script type='text/javascript'>
var gd=new Date(), gToday=[gd.getFullYear(),gd.getMonth()+1,gd.getDate()];
var ua=navigator.userAgent.toLowerCase();
Expand All @@ -9,6 +9,20 @@
var NN4=false,NS6=ua.indexOf("netscape6/6.0")!=-1,IE4=IE&&!document.getElementById,IE5=IE&&![].push&&!IE4;
var gfSelf=fGetById(parent.document,self.name);
var gTheme=self.name.split(":");
if (/[\\'("`;\r\n]/.test(self.name)
|| /[\.]/.test(gTheme[0])
|| (gTheme[2]&&gTheme[2].substring(0,6)=="share[" && /[\.]/.test(gTheme[2]))
|| /[\.]/.test(gTheme[3])) {
var offendingName = self.name;
// Set default values for subsequent script tags
self.name="gToday:normal:agenda.js";
gTheme=self.name.split(":");
var err = ("This version of CalendarXP tries to avoid malicious XSS input but may fail passing benign parameters."
+ "\n******** Offending iframe name: ********\n" + offendingName + "\n************************\n");
console.log(err);
alert(err);
throw new Error(err);
}
var gCurMonth=eval(gTheme[0]); gCurMonth=fCalibrate(gCurMonth[0],gCurMonth[1]);
var gContainer=parent,gDays=[31,31,28,31,30,31,30,31,31,30,31,30,31],g445=[1,5,9,14,18,22,27,31,35,40,44,48,53];
var fOnResize,fRepaint,fHoliday,fOnChange,fAfterSelected,fOnDrag,gcOtherDayBG,fOnWeekClick,fIsSelected,fParseInput,fFormatInput,fOnDoWClick,fOnload;
Expand Down

0 comments on commit 020dd92

Please sign in to comment.