This is the community forum. For a developer response use the Client Area.
Follow us on Facebook, Twitter and YouTube!

pasteword.js "infected"
#1

My web host have put the file pasteword.js in quarantine after a scanning, the scan log says:

... comments/MYADMINFOLDER/tiny_mce/plugins/paste/js/pasteword.js: PUA.HTML.Infected.WebPage-1 FOUND

I guess that this is an error, but I may need some arguments to make my web host believe me when I tell them that the file is ok.

The content, in case you want to check that there has been no tampering with the file:

Code:
tinyMCEPopup.requireLangPack();

var PasteWordDialog = {
    init : function() {
        var ed = tinyMCEPopup.editor, el = document.getElementById('iframecontainer'), ifr, doc, css, cssHTML = '';

        // Create iframe
        el.innerHTML = '<iframe id="iframe" src="javascript:\'\';" frameBorder="0" style="border: 1px solid gray"></iframe>';
        ifr = document.getElementById('iframe');
        doc = ifr.contentWindow.document;

        // Force absolute CSS urls
        css = [ed.baseURI.toAbsolute("themes/" + ed.settings.theme + "/skins/" + ed.settings.skin + "/content.css")];
        css = css.concat(tinymce.explode(ed.settings.content_css) || []);
        tinymce.each(css, function(u) {
            cssHTML += '<link href="' + ed.documentBaseURI.toAbsolute('' + u) + '" rel="stylesheet" type="text/css" />';
        });

        // Write content into iframe
        doc.open();
        doc.write('<html><head>' + cssHTML + '</head><body class="mceContentBody" spellcheck="false"></body></html>');
        doc.close();

        doc.designMode = 'on';
        this.resize();

        window.setTimeout(function() {
            ifr.contentWindow.focus();
        }, 10);
    },

    insert : function() {
        var h = document.getElementById('iframe').contentWindow.document.body.innerHTML;

        tinyMCEPopup.editor.execCommand('mceInsertClipboardContent', false, {content : h, wordContent : true});
        tinyMCEPopup.close();
    },

    resize : function() {
        var vp = tinyMCEPopup.dom.getViewPort(window), el;

        el = document.getElementById('iframe');

        if (el) {
            el.style.width  = (vp.w - 20) + 'px';
            el.style.height = (vp.h - 90) + 'px';
        }
    }
};

tinyMCEPopup.onInit.add(PasteWordDialog.init, PasteWordDialog);

Kim Ludvigsen
Reply
#2

Hi Kim,

The file is okay. It's just because it uses the HTML iframe tag (which is popular with hackers) so the antivirus is being cautious.

You can go to the link below and download the first one (tinymce_3.5.8_jquery.zip) to confirm it's the same (I've already done so):
https://github.com/tinymce/tinymce/downloads

Also:
http://www.zimbra.com/forums/general-que...cript.html
http://www.concrete5.org/community/forum...-tiny_mce/

Have you completed the interview?
Reply
#3

Thanks! I was pretty sure that the file was ok, I just wanted to be 100 percent sure before contacting my web provider.

Kim Ludvigsen
Reply
#4

My web host suggested changing a little in the code, in case you can use the suggestion:

// Create if-rame
el.innerHTML = '<if' + 'rame id="if20131107surf" src="javascript:\'\';" frameBorder="0" style="border: 1px solid gray"></iframe>';
ifr = document.getElementById('if20131107surf');
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)