authorBadlop <badlop@process-one.net>2009-02-16 15:32:54 +0000
committerBadlop <badlop@process-one.net>2009-02-16 15:32:54 +0000
commitf6ddd8bc5bc444573b813ee1f85d94d8d8108364 (patch)
tree5d6b9d88c2885596941eb0bbbbbcebc992f02868 /src
parent* src/mod_muc/mod_muc.erl: Export function to create MUC (diff)
* src/mod_muc/mod_muc_log.erl: Prevent XSS in MUC logs by
linkifying only a few known protocols (EJAB-850) SVN Revision: 1879
Diffstat (limited to 'src')
-rw-r--r--src/mod_muc/mod_muc_log.erl3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/mod_muc/mod_muc_log.erl b/src/mod_muc/mod_muc_log.erl
index 6f75a750e..6ef07bc23 100644
--- a/src/mod_muc/mod_muc_log.erl
+++ b/src/mod_muc/mod_muc_log.erl
@@ -752,7 +752,8 @@ htmlize2(S1, NoFollow) ->
S2 = element(2, regexp:gsub(S1, "\\&", "\\&amp;")),
S3 = element(2, regexp:gsub(S2, "<", "\\&lt;")),
S4 = element(2, regexp:gsub(S3, ">", "\\&gt;")),
- S5 = element(2, regexp:gsub(S4, "[-+.a-zA-Z0-9]+://[^] )\'\"}]+", link_regexp(NoFollow))),
+ S5 = element(2, regexp:gsub(S4, "(http|https|ftp|mailto|xmpp)://[^] )\'\"}]+",
+ link_regexp(NoFollow))),
%% Remove 'right-to-left override' unicode character 0x202e
element(2, regexp:gsub(S5, [226,128,174], "[RLO]")).
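Review bot: In the new S5 pattern, `mailto` and `xmpp` share the alternation that is followed by `://`, but those URIs are normally written `mailto:user@host` and `xmpp:room@host` with no `//`, so these two allowlist entries will rarely match and such addresses stay unlinked. If linking them is intended, a pattern like `"((http|https|ftp)://|(mailto|xmpp):)[^] )\'\"}]+"` keeps the allowlist closed while covering both forms. I would also add a comment above S5, for example `%% Scheme allowlist: only these protocols are linkified, to keep script-capable schemes out of hrefs (EJAB-850)`, so the list is not widened casually later. The safety of the emitted href still depends on how link_regexp/1 quotes the match; that function and the start of htmlize2 are outside this hunk.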