Red Hat Bugzilla – Bug 126366
this|window.status rewrite fails to account for escaped '"s
Last modified: 2007-11-30 17:10:45 EST
From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322) Description of problem: When privoxy is rewriting changes to (this|window).status it will create invalid javascript if the original string attempts to escape the quote charater. Version-Release number of selected component (if applicable): privoxy-3.0.3-1 How reproducible: Always Steps to Reproduce: 1. Create a simple file to run through the proxy, one like this works: <?php print("<a href=\"bugzilla.redhat.com\" target=\"new\" onmouseover=\"window.status = 'bug\'s'\">broken</a>\n<br>\n"); print("<a href=\"bugzilla.redhat.com\" target=\"new\" onmouseover=\"window.status = 'bugs'\">works</a>\n"); ?> 2. Load the page through the proxy. 3. Note the bad output caused by the escape character unaware match in /etc/privoxy/default.filter Additional info:
Oh yeah, here is the fix I'm using: s/(\W\s*)((this|window)\.(default)?status)\s*=\s*((['"]).*?(?<!\\)\6)/ $1if(typeof(this.href) != 'undefined') $2 = $5 + ' URL: ' + this.href;else return false/ig Note the (?<!\\) before \6 so it matches the full string.
fix added to the rawhide package, thanks!