SECURITY UPDATE: Fixed cross-site scripting issue in redirect result page.

Although setting HTML element content via innerHTML ignores script
tags, it is possible to run arbitrary script code by using the onerror
handler of img tags:

result.html?<img src="foo.png" onerror="alert(document.cookie)"/>

Setting the body content via textContent/innerText fixes this security
hole.

Thanks to Diederik van der Boor for the report and proof-of-concept.

Author: blueimp

cors/result.html

@@ -1,7 +1,7 @@
 <!DOCTYPE HTML>
 <!--
 /*
- * jQuery Iframe Transport Plugin Redirect Page 2.0
+ * jQuery Iframe Transport Plugin Redirect Page 2.0.1
  * https://github.com/blueimp/jQuery-File-Upload
  *
  * Copyright 2010, Sebastian Tschan
@@ -16,5 +16,9 @@
 <meta charset="utf-8">
 <title>jQuery Iframe Transport Plugin Redirect Page</title>
 </head>
-<body><script>document.body.innerHTML=decodeURIComponent(window.location.search.slice(1));</script></body>
-</html>
+<body>
+<script>
+document.body.innerText=document.body.textContent=decodeURIComponent(window.location.search.slice(1));
+</script>
+</body>
+</html>