Security Fox of Flash SWF that had enabled Cross Site Scripting (XSS)

jplayer · Apr 12, 2013 · c5fe17b · c5fe17b
1 parent 55a5196
commit c5fe17b
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/actionscript/Jplayer.as b/actionscript/Jplayer.as
@@ -239,7 +239,7 @@ package {
 			}
 		}
 		private function illegalChar(s:String):Boolean {
-			var illegals:String = "' \" ( ) { } * + / \\ < > = document";
+			var illegals:String = "' \" ( ) { } * + / \\ < > = document alert";
 			if(Boolean(s)) { // Otherwise exception if parameter null.
 				for each (var illegal:String in illegals.split(' ')) {
 					if(s.indexOf(illegal) >= 0) {

diff --git a/actionscript/happyworm/jPlayer/JplayerStatus.as b/actionscript/happyworm/jPlayer/JplayerStatus.as
@@ -14,7 +14,7 @@
 package happyworm.jPlayer {
 	public class JplayerStatus {
 
-		public static const VERSION:String = "2.2.20"; // The version of the Flash jPlayer entity.
+		public static const VERSION:String = "2.2.23"; // The version of the Flash jPlayer entity.
 
 		public var volume:Number = 0.5; // Not affected by reset()
 		public var muted:Boolean = false; // Not affected by reset()

diff --git a/jquery.jplayer/Jplayer.swf b/jquery.jplayer/Jplayer.swf
diff --git a/jquery.jplayer/jquery.jplayer.js b/jquery.jplayer/jquery.jplayer.js
@@ -8,8 +8,8 @@
  *  - http://www.gnu.org/copyleft/gpl.html
  *
  * Author: Mark J Panaghiston
- * Version: 2.2.22
- * Date: 29th March 2013
+ * Version: 2.2.23
+ * Date: 12th April 2013
  */
 
 /* Code verified using http://www.jshint.com/ */
@@ -454,8 +454,8 @@
 	$.jPlayer.prototype = {
 		count: 0, // Static Variable: Change it via prototype.
 		version: { // Static Object
-			script: "2.2.22",
-			needFlash: "2.2.20",
+			script: "2.2.23",
+			needFlash: "2.2.23",
 			flash: "unknown"
 		},
 		options: { // Instanced in $.jPlayer() constructor