diff options
| author | Mike Macgirvin <mike@macgirvin.com> | 2018-10-31 15:56:08 +1100 |
|---|---|---|
| committer | Mike Macgirvin <mike@macgirvin.com> | 2018-10-31 15:56:08 +1100 |
| commit | 7e1f431eca7a8aa68fc0badfaa88e88de3ba094c (patch) | |
| tree | 16beba352cd4ace4aa6eb13c7f9c1c82c92013b4 /library/blueimp_upload/cors | |
| parent | 70c55da1df69d90dcbeb5a78c994b23a8456bfc9 (diff) | |
| download | volse-hubzilla-7e1f431eca7a8aa68fc0badfaa88e88de3ba094c.tar.gz volse-hubzilla-7e1f431eca7a8aa68fc0badfaa88e88de3ba094c.tar.bz2 volse-hubzilla-7e1f431eca7a8aa68fc0badfaa88e88de3ba094c.zip | |
yet another blueimp vulnerability. Move to composer.
Diffstat (limited to 'library/blueimp_upload/cors')
| -rw-r--r-- | library/blueimp_upload/cors/postmessage.html | 75 | ||||
| -rw-r--r-- | library/blueimp_upload/cors/result.html | 24 |
2 files changed, 0 insertions, 99 deletions
diff --git a/library/blueimp_upload/cors/postmessage.html b/library/blueimp_upload/cors/postmessage.html deleted file mode 100644 index 6a56cf0b6..000000000 --- a/library/blueimp_upload/cors/postmessage.html +++ /dev/null @@ -1,75 +0,0 @@ -<!DOCTYPE HTML> -<!-- -/* - * jQuery File Upload Plugin postMessage API - * https://github.com/blueimp/jQuery-File-Upload - * - * Copyright 2011, Sebastian Tschan - * https://blueimp.net - * - * Licensed under the MIT license: - * https://opensource.org/licenses/MIT - */ ---> -<html lang="en"> -<head> -<meta charset="utf-8"> -<title>jQuery File Upload Plugin postMessage API</title> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> -</head> -<body> -<script> -/*jslint unparam: true, regexp: true */ -/*global $, Blob, FormData, location */ -'use strict'; -var origin = /^http:\/\/example.org/, - target = new RegExp('^(http(s)?:)?\\/\\/' + location.host + '\\/'); -$(window).on('message', function (e) { - e = e.originalEvent; - var s = e.data, - xhr = $.ajaxSettings.xhr(), - f; - if (!origin.test(e.origin)) { - throw new Error('Origin "' + e.origin + '" does not match ' + origin); - } - if (!target.test(e.data.url)) { - throw new Error('Target "' + e.data.url + '" does not match ' + target); - } - $(xhr.upload).on('progress', function (ev) { - ev = ev.originalEvent; - e.source.postMessage({ - id: s.id, - type: ev.type, - timeStamp: ev.timeStamp, - lengthComputable: ev.lengthComputable, - loaded: ev.loaded, - total: ev.total - }, e.origin); - }); - s.xhr = function () { - return xhr; - }; - if (!(s.data instanceof Blob)) { - f = new FormData(); - $.each(s.data, function (i, v) { - f.append(v.name, v.value); - }); - s.data = f; - } - $.ajax(s).always(function (result, statusText, jqXHR) { - if (!jqXHR.done) { - jqXHR = result; - result = null; - } - e.source.postMessage({ - id: s.id, - status: jqXHR.status, - statusText: statusText, - result: result, - headers: jqXHR.getAllResponseHeaders() - }, e.origin); - }); -}); -</script> -</body> -</html> diff --git a/library/blueimp_upload/cors/result.html b/library/blueimp_upload/cors/result.html deleted file mode 100644 index e3d629814..000000000 --- a/library/blueimp_upload/cors/result.html +++ /dev/null @@ -1,24 +0,0 @@ -<!DOCTYPE HTML> -<!-- -/* - * jQuery Iframe Transport Plugin Redirect Page - * https://github.com/blueimp/jQuery-File-Upload - * - * Copyright 2010, Sebastian Tschan - * https://blueimp.net - * - * Licensed under the MIT license: - * https://opensource.org/licenses/MIT - */ ---> -<html lang="en"> -<head> -<meta charset="utf-8"> -<title>jQuery Iframe Transport Plugin Redirect Page</title> -</head> -<body> -<script> -document.body.innerText=document.body.textContent=decodeURIComponent(window.location.search.slice(1)); -</script> -</body> -</html> |