
Tim Olsen  committed 6a8ba37 Merge

Merge recent modifications from xnat_1_4.

  • Parent commits 8f51a4b, 0896f96


Files changed (1)

File src/main/java/org/nrg/xft/db/DBAction.java

 				}else{
 					String s=baos.toString();
 					String upper=s.toUpperCase();
-					if(s.contains("<") && s.contains(">") && (upper.contains("SCRIPT") || upper.contains("IMG") || upper.contains("IMAGE"))){
+					if(s.contains("<") && s.contains(">") && (upper.contains("SCRIPT") || ((upper.contains("IMG") || upper.contains("IMAGE")) && (upper.contains("JAVASCRIPT"))))){
 						if(!allowInvalidValues){
 							AdminUtils.sendAdminEmail("Possible Cross-site scripting attempt blocked", s);
 							throw new InvalidValueException("Use of '<' and '>' are not allowed in content.");
 				}else{
 					String s=o.toString();
 					String upper=s.toUpperCase();
-					if(s.contains("<") && s.contains(">") && (upper.contains("SCRIPT") || upper.contains("IMG") || upper.contains("IMAGE"))){
+					if(s.contains("<") && s.contains(">") && (upper.contains("SCRIPT") || ((upper.contains("IMG") || upper.contains("IMAGE")) && (upper.contains("JAVASCRIPT"))))){
 						if(!allowInvalidValues){
 							AdminUtils.sendAdminEmail("Possible Cross-site scripting attempt blocked", s);
 							throw new InvalidValueException("Use of '<' and '>' are not allowed in content.");						
 			return o.toString();
 		}
 	}
-	
+		
 	/**
 	 * @param item
 	 * @param toRemove
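Review bot: The added `(IMG || IMAGE) && JAVASCRIPT` clause in both changed conditions can never decide the outcome, because any value containing "JAVASCRIPT" already contains "SCRIPT"; the test is now equivalent to `s.contains("<") && s.contains(">") && upper.contains("SCRIPT")`. In effect the merge removes the IMG/IMAGE check, so image markup that never spells "script" (an event-handler attribute, for instance) is stored without the exception or the admin e-mail. If that relaxation is intended, write the condition in its simplified form with a comment saying so. Either way, a substring blacklist at write time should not be the only XSS control, and these values need context-appropriate output encoding wherever they are rendered. The same expression is duplicated in the `baos.toString()` and `o.toString()` branches and would be easier to keep consistent as one private helper; both enclosing blocks start and end outside the visible hunks.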