The problem is the wrong usage of «String.replace». If there are several occurrences of identical characters in the string, «String.replace» always replaces only the first one, and the cycle goes on forever.
In «^1%», ^ is replaced with %5E, but the last % replaces the first % with %25 again, and we get %255E%, and it goes on forever: %2525E% ... %252525E% ....
The solution is to replace the character at its position:
446 (before): string = string.replace(string[i], escape(string[i]));
446 (after): string = string.substring(0, i) + escape(string[i]) + string.substring(i + 1);
function xssPrevent(string, flag) goes into an infinite loop if the input text is something like «^1%».
It's because of the escaping in the for loop:
master/jquery.fcbkcomplete.js, lines 441-448:
JavaScript hangs and the browser hangs.
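Added example, not code from the jquery.fcbkcomplete.js project: the per-character escaping loop is reconstructed from the issue's description of line 446 (the real function body is not quoted here), with a step guard added so the buggy variant returns instead of hanging, and the positional fix from the comment above beside it.

```javascript
// Buggy variant as the issue describes it. `maxSteps` is an added guard so
// the demonstration returns instead of hanging the caller.
function escapeWithReplace(input, maxSteps) {
  let string = input;
  let steps = 0;
  for (let i = 0; i < string.length; i++) {
    // replace() only touches the FIRST occurrence of the character, which is
    // not necessarily the one at index i: a '%' produced by an earlier escape
    // gets escaped again ('%' -> '%25'), so the string keeps growing and
    // i never catches up with string.length.
    string = string.replace(string[i], escape(string[i]));
    if (++steps >= maxSteps) {
      return { result: string, finished: false, steps };
    }
  }
  return { result: string, finished: true, steps };
}

// Fixed variant from the comment: rebuild the string around index i so that
// exactly the character at i is escaped. The escape sequence inserted at i
// starts with '%', but the cursor moves past it, so it is never re-escaped
// and the loop terminates for any input.
function escapeAtPosition(input) {
  let string = input;
  for (let i = 0; i < string.length; i++) {
    string = string.substring(0, i) + escape(string[i]) + string.substring(i + 1);
  }
  return string;
}

// Constructed sample input, taken from the issue text.
const SAMPLE = '^1%';

const buggy = escapeWithReplace(SAMPLE, 1000);
console.log('replace():', buggy.finished ? 'finished' : 'hit step guard',
  'length now', buggy.result.length);
console.log('positional:', escapeAtPosition(SAMPLE)); // %5E1%25
```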