RVE-2024-1 properly encode document title passed to js variable

2026-01-08 03:01:43 +09:00 · 2024-01-20 00:41:14 +09:00 · 2024-01-20 00:41:14 +09:00 · 1854700e77
commit 1854700e77
parent 152fb4e753
2 changed files with 2 additions and 2 deletions
--- a/modules/board/skins/default/_read.html
+++ b/modules/board/skins/default/_read.html
@ -67,7 +67,7 @@
 				<li class="delicious link"><a href="https://delicious.com/">Delicious</a></li>
 			</ul>
 			<script>
-				var sTitle = '{str_ireplace(array('<script', '</script'), array("<scr'+'ipt", "</scr'+'ipt"), addslashes($oDocument->getTitleText()))}';
+				var sTitle = {json_encode($oDocument->getTitleText())};
 				jQuery(function($){
 					$('.twitter>a').snspost({
 						type : 'twitter',
--- a/modules/board/skins/xedition/_read.html
+++ b/modules/board/skins/xedition/_read.html
@ -64,7 +64,7 @@
 		    </li>
 		    </ul>
 			<script>
-				var sTitle = '{$oDocument->getTitleText()}';
+				var sTitle = {json_encode($oDocument->getTitleText())};
 				jQuery(function($){
 					$('.twitter').snspost({
 						type : 'twitter',