[galaxy-dev] [hg] galaxy 2803: Prevent script tags in uploads as reported by ...

2 Oct 2009

details:   http://www.bx.psu.edu/hg/galaxy/rev/88fdb7f40b0e
changeset: 2803:88fdb7f40b0e
user:      Nate Coraor <nate@bx.psu.edu>
date:      Wed Sep 30 09:22:02 2009 -0400
description:
Prevent script tags in uploads as reported by Mitsuteru Nakao

1 file(s) affected in this change:

tools/data_source/upload.py

diffs (16 lines):

diff -r feec758a8774 -r 88fdb7f40b0e tools/data_source/upload.py

--- a/tools/data_source/upload.py	Wed Sep 30 08:28:31 2009 -0400
+++ b/tools/data_source/upload.py	Wed Sep 30 09:22:02 2009 -0400
@@ -49,10 +49,11 @@
     regexp2 = re.compile( "<IFRAME[^>]*>", re.I )
     regexp3 = re.compile( "<FRAMESET[^>]*>", re.I )
     regexp4 = re.compile( "<META[^>]*>", re.I )
+    regexp5 = re.compile( "<SCRIPT[^>]*>", re.I )
     lineno = 0
     for line in temp:
         lineno += 1
-        matches = regexp1.search( line ) or regexp2.search( line ) or regexp3.search( line ) or regexp4.search( line )
+        matches = regexp1.search( line ) or regexp2.search( line ) or regexp3.search( line ) or regexp4.search( line ) or regexp5.search( line )
         if matches:
             if chunk is None:
                 temp.close()

    