IlyaSobolev/helpcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 27 Wiki Activity

Fix Bug 50998 - HelpCenter: Отраженная инъекция XSS внутри тега HTML Link.

Browse Source
This commit is contained in:
Irina Tiulneva 2021-09-15 16:35:01 +03:00
parent 27ad9597f3
commit 4c59bb0a0f
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Web/Masters/BaseMaster.master
View File

@ -30,12 +30,27 @@
foreach (var availibleLanguage in LanguageProvider.GetAvailibleLanguages())
{
var key = availibleLanguage.Key;
if (key.Contains(".aspx"))
{
var newKey = key.Split(
new[] { ".aspx" },
StringSplitOptions.None
);
key = newKey[0] + ".aspx";
}
var keyUrl = new Uri(availibleLanguage.Key);
if (keyUrl.Query != "")
{
key = key.Replace(keyUrl.Query, "");
}
if (availibleLanguage.Value.Name == culture)
sb.Insert(0, string.Format(@"<link rel=""canonical"" href=""{0}"" />",
availibleLanguage.Key) + Environment.NewLine);
key) + Environment.NewLine);
sb.AppendLine(string.Format(@"<link rel=""alternate"" href=""{0}"" hreflang=""{1}"" />",
availibleLanguage.Key.HtmlEncode(),
key.HtmlEncode(),
availibleLanguage.Value.Name));
}