diff options
author | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-22 22:41:35 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@openbsd.org> | 2014-07-22 22:41:35 +0000 |
commit | 5958bb58d226401788b8cb09c2a2b93dc28de2d5 (patch) | |
tree | e6da696f7062c9f6bc6dffed91a0cb7b3cc5daf3 /cgi.c | |
parent | b60b23600ca14efd4017a9f23b6e2044118a886c (diff) | |
download | mandoc-5958bb58d226401788b8cb09c2a2b93dc28de2d5.tar.gz mandoc-5958bb58d226401788b8cb09c2a2b93dc28de2d5.tar.zst mandoc-5958bb58d226401788b8cb09c2a2b93dc28de2d5.zip |
Security fix:
The function print_encode() is used both for plain text
and for quoted attribute values.
Escape the '"' character such that malicious manuals cannot pull off
XSS attacks using malformed .Lk, .Mt, .%U, and .UR macros (and maybe
others) to trigger the latter case.
In the former case, escaping does no harm.
Issue found by Sebastien Marie <semarie-openbsd at latrappe dot fr>.
Diffstat (limited to 'cgi.c')
0 files changed, 0 insertions, 0 deletions