authorJay Freeman (saurik) <saurik@saurik.com>2010-12-02 03:07:54 -0800
committerJay Freeman (saurik) <saurik@saurik.com>2010-12-02 03:48:55 -0800
commit61cc8460c4bb3c19180732df2006a63a9b62680b (patch)
tree633071487b436d1bde090f2a16873cbcd6f08746
parent0263db76b03034fba9c0a7e3ce993352ad3966fe (diff)
Protect against various <script/>-injection attacks.
-rw-r--r--MobileCydia.app/package.js18
1 files changed, 9 insertions, 9 deletions
diff --git a/MobileCydia.app/package.js b/MobileCydia.app/package.js
index 4d016d4..07f9588 100644
--- a/MobileCydia.app/package.js
+++ b/MobileCydia.app/package.js
@@ -66,8 +66,8 @@ $(function () {
$("#icon").css("background-image", 'url("' + icon + '")');
//$("#reflection").src("cydia://package-icon/" + idc);
- $("#name").html(name);
- space("#latest", package.latest, 96);
+ $("#name").html($.xml(name));
+ space("#latest", $.xml(package.latest), 96);
$.xhr(capi + 'package/' + idc, 'GET', {}, null, {
success: function (value) {
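Review bot: The first context line of this hunk still concatenates `icon` into `'url("' + icon + '")'` with no encoding, and `$.xml()` would not be the right escape for that CSS context anyway. Where `icon` is assigned is outside the hunk, so this only matters if it can carry repository-supplied text; if it can, a `"` or backslash in the value changes the CSS string that gets built. I would restrict it to the expected URL schemes before use, or at least record the assumption with a comment such as `// icon must be a vetted URL: it is placed in a CSS url("...") string, which $.xml() does not protect`. The enclosing `$(function () {` block starts and ends outside the hunk.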
@@ -177,7 +177,7 @@ $(function () {
if (author == null)
$(".author").addClass("deleted");
else {
- space("#author", author.name, 160);
+ space("#author", $.xml(author.name), 160);
if (author.address == null)
$("#author-icon").addClass("deleted");
else if (support == null)
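Review bot: `space("#author", $.xml(author.name), 160)` hands `space()` a string that now contains entities, and `space()` itself is not visible in this diff. If it shortens or measures the string to fit the width given as its third argument, it could cut an entity such as `&amp;` in half or count entity characters as visible text; that needs checking in the helper. Escaping inside `space()`, after any shortening, would avoid this and would also cover the same calls for `#latest`, `#id`, `#maintainer` and `#sponsor` in the other hunks. The `else` branch continues past the end of this hunk.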
@@ -223,18 +223,18 @@ $(function () {
if (installed == null)
$(".installed").addClass("deleted");
else {
- $("#installed").html(installed);
+ $("#installed").html($.xml(installed));
$("#files-href").href("cydia://files/" + idc);
}
- space("#id", id, 220);
+ space("#id", $.xml(id), 220);
var section = package.longSection;
if (section == null)
$(".section").addClass("deleted");
else {
$("#section-src").src("cydia://section-icon/" + encodeURIComponent(section));
- $("#section").html(section);
+ $("#section").html($.xml(section));
}
var size = package.size;
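Review bot: Escaping is opt-in at each `.html()` call here (`#installed` and `#section`, plus `#name` and `#source-name` in the other hunks), so a field added later is unescaped unless its author remembers `$.xml()`. A comment near the top of the handler would make the rule explicit, for example `// every package- or source-supplied string must go through $.xml() before .html() or space()`. A setter that escapes by default, with raw HTML as the explicit exception, would be the safer shape; whether the `$` library used here offers one is not visible in this diff.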
@@ -247,7 +247,7 @@ $(function () {
if (maintainer == null)
$(".maintainer").addClass("deleted");
else {
- space("#maintainer", maintainer.name, 153);
+ space("#maintainer", $.xml(maintainer.name), 153);
if (maintainer.address == null)
$("#maintainer-icon").addClass("deleted");
else if (support == null)
@@ -260,7 +260,7 @@ $(function () {
if (sponsor == null)
$(".sponsor").addClass("deleted");
else {
- space("#sponsor", sponsor.name, 152);
+ space("#sponsor", $.xml(sponsor.name), 152);
$("#sponsor-href").href(sponsor.address);
}
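Review bot: `$("#sponsor-href").href(sponsor.address)` still assigns what is presumably a package-supplied address as a link target unchecked, which escaping `sponsor.name` does not cover. HTML escaping addresses markup injection only; a link whose scheme is not http(s) is a separate path, unless `.href()` or the native side filters schemes, which is not visible here. I would gate the assignment, e.g. `if (/^https?:\/\//i.test(sponsor.address)) $("#sponsor-href").href(sponsor.address);`, and handle any other value like the `sponsor == null` case.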
@@ -272,7 +272,7 @@ $(function () {
var host = source.host;
$("#source-src").src("cydia://source-icon/" + encodeURIComponent(host));
- $("#source-name").html(source.name);
+ $("#source-name").html($.xml(source.name));
if (source.trusted)
$("#trusted").href("cydia://package-signature/" + idc);