* Several bugfixes: * fixed bug in handling of case insensitive codes, * fixed nasty bug that made [list][*][*][/list] misbehave * Documentation: Changed example to prevent XSS attacks * Changed license from "Artistic-2 or GPL-2" to "MIT". Reproducible: Always
Created attachment 138190 [details] dev-php/stringparser_bbcode-0.3.2a.ebuild Ebuild for dev-php/stringparser_bbcode-0.3.2a
(In reply to comment #0) > * Documentation: Changed example to prevent XSS attacks What kind of example are you referring to here? There's no .php example files shipped with the ebuild.
I'm the developer of the package (Jan sent me the link to this bug report). The example I meant in the ChangeLog is inside the documentation, have a look at the following web page: http://www.christian-seiler.de/projekte/php/bbcode/doc/en/chapter9.php (that page is also available inside the tarball, stringparser_bbcode-0.3.2a/doc/en/chapter9.html) I added checks to the functions that make sure that the file, data, javascript and jar protocols can't be used in links or images so that people who just C&P the code into their own projects without reading the whole documentation (chapter 4 especially) aren't vulnerable to XSS attacks.
InCVS, thanks.
