Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Fixed XSS bugs in bbcode.asm and minimag.asm libraries. |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | FreshLibDev |
| Files: | files | file ages | folders |
| SHA1: | a3caaf7ad85033489e668b5bfa37185b013cfa2e |
| User & Date: | johnfound 2023-03-13 12:12:37 |
Context
|
2023-03-13
| ||
| 12:12 | Fixed XSS bugs in bbcode.asm and minimag.asm libraries. Leaf check-in: a3caaf7ad8 user: johnfound tags: FreshLibDev | |
|
2023-01-11
| ||
| 20:35 |
StrExtractMem implemented in strlib, because StrExtract user StrLen on the source, which can be very slow on big arrays of char.
Some work on the Linux X structures and code. check-in: 38ab02c795 user: johnfound tags: FreshLibDev | |
Changes
Changes to freshlib/data/bbcode.asm.
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
...
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
|
je .process_attribute
test [eax+TOneTag.flags], fEmptyAttr ; if the tag allows empty attribute, simply copy
jnz .copy ; the tag suffix without trying to replace the attribute.
; here copy and encode the attribute value:
.process_attribute:
inc ebx
push esi ecx [edx+TText.GapBegin]
lea esi, [edi-1]
mov [.tagMix], '<u >'
................................................................................
inc [edx+TText.GapBegin]
inc ebx
inc esi
jmp .attr_loop
.end_of_attr1:
inc esi ; delete "]"
dec ebx
add esi, [edx+TText.GapEnd]
sub esi, [edx+TText.GapBegin]
mov [edx+TText.GapEnd], esi
.end_of_attr2:
cmp [.tagMix], '</u>'
jne .mix_closed
stdcall TextSetGapSize, edx, 4
mov edi, [edx+TText.GapBegin]
pushd [.tagMix]
popd [edx+edi]
|
|
<
<
<
|
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
...
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
|
je .process_attribute
test [eax+TOneTag.flags], fEmptyAttr ; if the tag allows empty attribute, simply copy
jnz .copy ; the tag suffix without trying to replace the attribute.
; here copy and encode the attribute value:
.process_attribute:
; inc ebx
push esi ecx [edx+TText.GapBegin]
lea esi, [edi-1]
mov [.tagMix], '<u >'
................................................................................
inc [edx+TText.GapBegin]
inc ebx
inc esi
jmp .attr_loop
.end_of_attr1:
inc esi ; delete "]"
add esi, [edx+TText.GapEnd]
sub esi, [edx+TText.GapBegin]
mov [edx+TText.GapEnd], esi
.end_of_attr2:
cmp [.tagMix], '</u>'
jne .mix_closed
stdcall TextSetGapSize, edx, 4
mov edi, [edx+TText.GapBegin]
pushd [.tagMix]
popd [edx+edi]
|
Changes to freshlib/data/minimag.asm.
131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 |
lea edi, [ecx+1] ; the start of the label.
xor esi, esi
xor eax, eax
.hash_loop:
inc ecx
cmp ecx, [edx+TText.Length]
jae .second_pass
mov al, [edx+ecx]
test al, al
jz .second_pass
cmp al, ']'
je .end_of_lbl
test al, al
js .add_hash
|
| | |
131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 |
lea edi, [ecx+1] ; the start of the label.
xor esi, esi
xor eax, eax
.hash_loop:
inc ecx
cmp ecx, [edx+TText.Length]
jae .end_of_lbl ;.second_pass
mov al, [edx+ecx]
test al, al
jz .end_of_lbl ;.second_pass
cmp al, ']'
je .end_of_lbl
test al, al
js .add_hash
|