From f1bd6fa78a3235ade2365a43bb5124ff72807c96 Mon Sep 17 00:00:00 2001
From: Pascal Kriete <pascal.kriete@ellislab.com>
Date: Tue, 5 Apr 2011 15:04:28 -0400
Subject: Fixed a bug in the Javascript Library where improperly escaped
 characters could result in arbitrary javascript execution.

---
 system/libraries/Javascript.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'system/libraries')

diff --git a/system/libraries/Javascript.php b/system/libraries/Javascript.php
index 167859abd..34e0d7001 100644
--- a/system/libraries/Javascript.php
+++ b/system/libraries/Javascript.php
@@ -855,7 +855,7 @@ class CI_Javascript {
 		}
 		elseif (is_string($result) OR $is_key)
 		{
-			return '"'.str_replace(array('\\', "\t", "\n", "\r", '"'), array('\\\\', '\\t', '\\n', "\\r", '\"'), $result).'"';
+			return '"'.str_replace(array('\\', "\t", "\n", "\r", '"', '/'), array('\\\\', '\\t', '\\n', "\\r", '\"', '\/'), $result).'"';			
 		}
 		elseif (is_scalar($result))
 		{
-- 
cgit v1.2.3-24-g4f1b