author | Pascal Kriete <pascal.kriete@ellislab.com> | 2011-04-05 21:04:28 +0200 |
---|---|---|
committer | Pascal Kriete <pascal.kriete@ellislab.com> | 2011-04-05 21:04:28 +0200 |
commit | f1bd6fa78a3235ade2365a43bb5124ff72807c96 (patch) | |
tree | 3223e7805eacdb25cc22b311261bff321136b70a /system/libraries/Javascript.php | |
parent | 6b488674368cf695a228e87e7d8e0f4f40fe4181 (diff) |
Fixed a bug in the Javascript Library where improperly escaped characters could result in arbitrary javascript execution.
Diffstat (limited to 'system/libraries/Javascript.php')
-rw-r--r-- | system/libraries/Javascript.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php
index 167859abd..34e0d7001 100644
--- a/system/libraries/Javascript.php
+++ b/system/libraries/Javascript.php
@@ -855,7 +855,7 @@ class CI_Javascript {
 }
 elseif (is_string($result) OR $is_key)
 {
- return '"'.str_replace(array('\\', "\t", "\n", "\r", '"'), array('\\\\', '\\t', '\\n', "\\r", '\"'), $result).'"';
+ return '"'.str_replace(array('\\', "\t", "\n", "\r", '"', '/'), array('\\\\', '\\t', '\\n', "\\r", '\"', '\/'), $result).'"';
 }
 elseif (is_scalar($result))
 {
|
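Review bot: The escape list on the added `return` line covers `/` but still emits `<`, `>`, `&`, U+2028/U+2029 and control characters other than tab, CR and LF unchanged, so the string literal is only hardened against the one `</script>` case the commit targets. Assuming this output is written into an inline `<script>` block (inferred from the commit message; the caller is not visible here), extending the two arrays with `'<', '>'` and `'\u003C', '\u003E'` would also neutralise `<!--` and `<script` sequences that change HTML parser state. Where the minimum supported PHP version allows it, `json_encode($result, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` would replace the hand-maintained list. A short comment such as `// '/' is escaped so "</script>" in a value cannot close an inline script block` would keep the new entry from being removed later as redundant. The enclosing method starts and ends outside the hunk.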