Fix Bug 50998 - HelpCenter: Отраженная инъекция XSS внутри тега HTML Link.
This commit is contained in:
parent
27ad9597f3
commit
4c59bb0a0f
@ -30,12 +30,27 @@
|
||||
|
||||
foreach (var availibleLanguage in LanguageProvider.GetAvailibleLanguages())
|
||||
{
|
||||
var key = availibleLanguage.Key;
|
||||
if (key.Contains(".aspx"))
|
||||
{
|
||||
var newKey = key.Split(
|
||||
new[] { ".aspx" },
|
||||
StringSplitOptions.None
|
||||
);
|
||||
key = newKey[0] + ".aspx";
|
||||
}
|
||||
var keyUrl = new Uri(availibleLanguage.Key);
|
||||
if (keyUrl.Query != "")
|
||||
{
|
||||
key = key.Replace(keyUrl.Query, "");
|
||||
}
|
||||
|
||||
if (availibleLanguage.Value.Name == culture)
|
||||
sb.Insert(0, string.Format(@"<link rel=""canonical"" href=""{0}"" />",
|
||||
availibleLanguage.Key) + Environment.NewLine);
|
||||
key) + Environment.NewLine);
|
||||
|
||||
sb.AppendLine(string.Format(@"<link rel=""alternate"" href=""{0}"" hreflang=""{1}"" />",
|
||||
availibleLanguage.Key.HtmlEncode(),
|
||||
key.HtmlEncode(),
|
||||
availibleLanguage.Value.Name));
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user