The following vulnerability information was published on 2013-02-06.

XSS vulnerability in HTML documents generated by RDoc (CVE-2013-0256)

Although this is an RDoc vulnerability advisory, the actual fix only touches a file called darkfish.js, which shows that it is a JavaScript problem.

Looking at the darkfish.js in question, the relevant code turns out to pass the value obtained by "var anchor = window.location.hash.substring(1);" to $("a[name=" + anchor + "]");.

(I have not confirmed whether this file is the same as the file in the vulnerability advisory, but I judged them to be identical from the file name and the code.)

As for the fix, it stops embedding the value into the selector in $("a[name=" + anchor + "]") and $("a[name]").each's e
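The lookup described above, as an added example that is not RDoc's code or part of the original post: the quoted concatenation beside a lookup that only compares the fragment as data. The function names, the fake anchor objects, the sample fragment values and the use of string equality for the comparison are assumptions made for illustration.

```javascript
// Added example, not RDoc's darkfish.js. Anchors are modelled as plain
// objects with getAttribute() so the logic runs in Node without a DOM.

// Constructed stand-ins for the <a name="..."> elements of a generated page.
function fakeAnchor(name) {
  return { getAttribute: (attr) => (attr === 'name' ? name : null) };
}
const SAMPLE_ANCHORS = ['method-i-parse', 'label-Usage'].map(fakeAnchor);

// Pattern quoted in the post: the fragment becomes part of the string
// that is handed to $(), so its content decides what that string means.
function buildSelectorUnsafe(hash) {
  const anchor = hash.substring(1);
  return 'a[name=' + anchor + ']';
}

// Hardened lookup (assumed shape of the fix): walk the named anchors and
// compare the fragment as data; it is never parsed as selector or markup.
function findAnchorByName(anchors, hash) {
  const wanted = hash.charAt(0) === '#' ? hash.substring(1) : hash;
  if (wanted === '') return null; // no fragment, nothing to highlight
  for (const el of anchors) {
    if (el.getAttribute('name') === wanted) return el;
  }
  return null;
}

// Allowlist check for code that must keep building a selector:
// true only when the fragment is a single plain name token.
function isPlainAnchorName(hash) {
  return /^#[A-Za-z0-9_.:-]+$/.test(hash);
}
```
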