Merge pull request from GHSA-8mq4-9jjh-9xrc

Patch XSS and Open-Redirect in frames.erb
lsegal · Feb 28, 2024 · 2069e2b · 2069e2b
2 parents 2d197a3 + d78fc39
commit 2069e2b
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/templates/default/fulldoc/html/frames.erb b/templates/default/fulldoc/html/frames.erb
@@ -5,10 +5,10 @@
 	<title><%= options.title %></title>
 </head>
 <script type="text/javascript">
-  var match = unescape(window.location.hash).match(/^#!(.+)/);
+  var match = decodeURIComponent(window.location.hash).match(/^#!(.+)/);
   var name = match ? match[1] : '<%= url_for_main %>';
-  name = name.replace(/^(\w+):\/\//, '').replace(/^\/\//, '');
-  window.top.location = name;
+  name = name.replace(/^((\w*):)?[\/\\]*/gm, '').trim();
+  window.top.location.replace(name)
 </script>
 <noscript>
   <h1>Oops!</h1>