emposha / FCBKcomplete

jQuery Facebook-like (fancy) multi-select
http://www.emposha.com

Infinity cycling #129

Open dsteb opened 11 years ago

dsteb commented 11 years ago

function xssPrevent(string, flag) goes into an infinite loop if the text in the input is something like «^1%». It's because of the escaping in the for loop:

master/jquery.fcbkcomplete.js:lines 441-448:

      for(i = 0; i < string.length; i++) {
        var charcode = string.charCodeAt(i);
        if ((_key.exclamation <= charcode && charcode <= _key.slash) ||
            (_key.colon <= charcode && charcode <= _key.at) ||
            (_key.squarebricket_left <= charcode && charcode <= _key.apostrof)) {
          string = string.replace(string[i], escape(string[i]));
        }
      }

JavaScript hangs and the browser hangs.

dsteb commented 11 years ago

The problem is the wrong usage of «String.replace». If there are several occurrences of identical characters in the string, «String.replace» always replaces only the first one. And the cycle goes on forever.

«^1%»: ^ is replaced with %5E, but the last % replaces the first % with %25 again, and we get %255E%, and it's forever %2525E% ... %252525E% ....

The solution is to replace the character at its position:

      446: »»» string = string.replace(string[i], escape(string[i]));
      446: string = string.substring(0, i) + escape(string[i]) + string.substring(i + 1);
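
The loop from the issue next to the positional fix proposed above, as an added example that is not part of the original thread or the project's code. The `_key` values are assumed ASCII bounds (the page does not show them), and `maxSteps` and `escapeSinglePass` are hypothetical additions: the first keeps the demo from hanging, the second goes beyond the thread by never mutating the string it iterates.

```javascript
// Assumed ASCII bounds for the _key names used in the issue (values are not on the page).
const _key = { exclamation: 33, slash: 47, colon: 58, at: 64,
               squarebricket_left: 91, apostrof: 96 };

function needsEscape(code) {
  return (_key.exclamation <= code && code <= _key.slash) ||
         (_key.colon <= code && code <= _key.at) ||
         (_key.squarebricket_left <= code && code <= _key.apostrof);
}

// Loop from the issue. maxSteps is a hypothetical guard so the demo returns instead of hanging.
function escapeBuggy(string, maxSteps) {
  let steps = 0;
  for (let i = 0; i < string.length; i++) {
    if (++steps > maxSteps) return { done: false, value: string };
    if (needsEscape(string.charCodeAt(i))) {
      // replace() rewrites the FIRST occurrence of the character, not the one at index i
      string = string.replace(string[i], escape(string[i]));
    }
  }
  return { done: true, value: string };
}

// Fix proposed in the issue: splice the escaped form in at index i.
function escapePositional(string) {
  for (let i = 0; i < string.length; i++) {
    if (needsEscape(string.charCodeAt(i))) {
      string = string.substring(0, i) + escape(string[i]) + string.substring(i + 1);
    }
  }
  return string;
}

// Hypothetical variant: read from the untouched input and append to a new string,
// so the loop bound cannot grow while iterating.
function escapeSinglePass(input) {
  let out = '';
  for (let i = 0; i < input.length; i++) {
    out += needsEscape(input.charCodeAt(i)) ? escape(input[i]) : input[i];
  }
  return out;
}

const stuck = escapeBuggy('^1%', 1000);   // constructed input from the issue
console.log(stuck.done, stuck.value.length);
console.log(escapePositional('^1%'), escapeSinglePass('^1%'));
```

In the guarded run the trailing `%` is still unescaped when the step budget runs out, because every pass re-escapes the leading `%` instead.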