summaryrefslogtreecommitdiffstats
path: root/system/libraries/Javascript.php
diff options
context:
space:
mode:
authorPascal Kriete <pascal.kriete@ellislab.com>2011-04-05 21:04:28 +0200
committerPascal Kriete <pascal.kriete@ellislab.com>2011-04-05 21:04:28 +0200
commitf1bd6fa78a3235ade2365a43bb5124ff72807c96 (patch)
tree3223e7805eacdb25cc22b311261bff321136b70a /system/libraries/Javascript.php
parent6b488674368cf695a228e87e7d8e0f4f40fe4181 (diff)
Fixed a bug in the Javascript Library where improperly escaped characters could result in arbitrary javascript execution.
Diffstat (limited to 'system/libraries/Javascript.php')
-rw-r--r--system/libraries/Javascript.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php
index 167859abd..34e0d7001 100644
--- a/system/libraries/Javascript.php
+++ b/system/libraries/Javascript.php
@@ -855,7 +855,7 @@ class CI_Javascript {
}
elseif (is_string($result) OR $is_key)
{
- return '"'.str_replace(array('\\', "\t", "\n", "\r", '"'), array('\\\\', '\\t', '\\n', "\\r", '\"'), $result).'"';
+ return '"'.str_replace(array('\\', "\t", "\n", "\r", '"', '/'), array('\\\\', '\\t', '\\n', "\\r", '\"', '\/'), $result).'"';
}
elseif (is_scalar($result))
{