xssClean needs HTML context

mattpass · mattpass · commit 5f0d7a5a19c8 · 2014-08-28T21:28:51.000+01:00
diff --git a/lib/github.php b/lib/github.php
@@ -28,7 +28,7 @@
 			</body>
 			<script>
 			top.ICEcoder.githubAuthTokenSet = true;
-			goNext = "'.xssClean($_GET['goNext']).'";
+			goNext = "'.xssClean($_GET['goNext'],"html").'";
 			if (goNext=="showManager") {
 				top.ICEcoder.githubManager();
 			}
@@ -213,4 +213,4 @@ function(err) {
 	}
 
 }
-?>
+?>

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@`
`28`	`28`	`</body>`
`29`	`29`	`<script>`
`30`	`30`	`top.ICEcoder.githubAuthTokenSet = true;`
`31`		`- goNext = "'.xssClean($_GET['goNext']).'";`
	`31`	`+ goNext = "'.xssClean($_GET['goNext'],"html").'";`
`32`	`32`	`if (goNext=="showManager") {`
`33`	`33`	`top.ICEcoder.githubManager();`
`34`	`34`	`}`
`@@ -213,4 +213,4 @@ function(err) {`
`213`	`213`	`}`
`214`	`214`
`215`	`215`	`}`
`216`		`-?>`
	`216`	`+?>`