changeset 690:6a489a6b3cbc

fix theme security
author Franklin Schmidt <fschmidt@gmail.com>
date Mon, 18 Apr 2016 17:20:08 -0600
parents 51a134a8c89b
children 5b9c7f8529ee
files core/src/luan/modules/parsers/Theme.java
diffstat 1 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
diff -r 51a134a8c89b -r 6a489a6b3cbc core/src/luan/modules/parsers/Theme.java
--- a/core/src/luan/modules/parsers/Theme.java	Mon Apr 18 17:02:16 2016 -0600
+++ b/core/src/luan/modules/parsers/Theme.java	Mon Apr 18 17:20:08 2016 -0600
@@ -87,6 +87,12 @@
 				stmts.append(simpleTag);
 				continue;
 			}
+			if( parser.match("<%") ) {
+				addText(start,end,stmts);
+				start = parser.currentIndex();
+				stmts.append("%><%='<%'%><%");
+				continue;
+			}
 			parser.anyChar();
 			end = parser.currentIndex();
 		}