frodovdr/hyperion.ng
1
0
Fork 0
mirror of https://github.com/hyperion-project/hyperion.ng.git synced 2025-03-01 10:33:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix 1292 - Avoid XSS (#1297)

Browse Source 
* Fix 1292 - Avoid XSS

* Fix XSS on EffectConfiguration
This commit is contained in:
LordGrey
2021-08-19 08:52:17 +02:00
committed by GitHub
parent 0227694d20
commit bd3e12d3ac
5 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
assets/webconfig/js/content_effectsconfigurator.js
View File

@@ -1,8 +1,8 @@
$(document).ready(function () {
performTranslation();
// update instance listing
updateHyperionInstanceListing();
// update instance listing
updateHyperionInstanceListing();
var oldDelList = [];
var effectName = "";
@@ -120,7 +120,7 @@ $(document).ready(function () {
// disable or enable control elements
$("#name-input").on('change keyup', function (event) {
effectName = $(this).val();
effectName = encodeHTML($(this).val());
if ($(this).val() == '') {
effects_editor.disable();
$("#eff_footer").children().attr('disabled', true);

4
assets/webconfig/js/content_general.js
View File

@@ -37,7 +37,7 @@ $(document).ready(function () {
showInfoDialog('renInst', $.i18n('conf_general_inst_renreq_t'), getInstanceNameByIndex(inst));
$("#id_btn_ok").off().on('click', function () {
requestInstanceRename(inst, $('#renInst_name').val())
requestInstanceRename(inst, encodeHTML($('#renInst_name').val()))
});
$('#renInst_name').off().on('input', function (e) {
@@ -94,7 +94,7 @@ $(document).ready(function () {
});
$('#btn_create_inst').off().on('click', function (e) {
requestInstanceCreate($('#inst_name').val());
requestInstanceCreate(encodeHTML($('#inst_name').val()));
$('#inst_name').val("");
$('#btn_create_inst').attr('disabled', true)
});

2
assets/webconfig/js/content_logging.js
View File

@@ -125,7 +125,7 @@ $(document).ready(function () {
var function_ = messages[idx].function;
var line = messages[idx].line;
var file_name = messages[idx].fileName;
var msg = messages[idx].message;
var msg = encodeHTML(messages[idx].message);
var level_string = messages[idx].levelString;
var utime = messages[idx].utime;

2
assets/webconfig/js/content_network.js
View File

@@ -210,7 +210,7 @@ $(document).ready( function() {
}
$('#btn_create_tok').off().on('click',function() {
requestToken($('#tok_comment').val())
requestToken(encodeHTML($('#tok_comment').val()))
$('#tok_comment').val("")
$('#btn_create_tok').attr('disabled', true)
});

4
assets/webconfig/js/ui_utils.js
View File

@@ -1206,3 +1206,7 @@ function showInputOptionsForKey(editor, item, showForKeys, state) {
}
showInputOptions(item, elements, state);
}
function encodeHTML(s) {
return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;');
}