Fix XSS vulnerability on the viewer page

2017-12-04 22:00:25 +01:00
parent 5e81e945d3
commit 837fc8859b
3 changed files with 16 additions and 7 deletions


@@ -11,13 +11,13 @@ var DetailsWindow = {
}, },
setDetails: function (file) { setDetails: function (file) {
var fileInfo = "<table>" var fileInfo = "<table>"
+ "<tr><td>Name<td><td>" + file.file_name + "</td></tr>" + "<tr><td>Name<td><td>" + escapeHTML(file.file_name) + "</td></tr>"
+ "<tr><td>Url<td><td><a href=\"/u/" + file.id + "\">Open</a></td></tr>" + "<tr><td>Url<td><td><a href=\"/u/" + file.id + "\">Open</a></td></tr>"
+ "<tr><td>Mime Type<td><td>" + file.mime + "</td></tr>" + "<tr><td>Mime Type<td><td>" + escapeHTML(file.mime) + "</td></tr>"
+ "<tr><td>Id<td><td>" + file.id + "</td></tr>" + "<tr><td>Id<td><td>" + file.id + "</td></tr>"
+ "<tr><td>Size<td><td class=\"bytecounter\">" + file.file_size + "</td></tr>" + "<tr><td>Size<td><td class=\"bytecounter\">" + file.file_size + "</td></tr>"
+ "<tr><td>Upload Date<td><td>" + file.date_upload + "</td></tr>" + "<tr><td>Upload Date<td><td>" + file.date_upload + "</td></tr>"
+ "<tr><td>Description<td><td>" + file.desc + "</td></tr>" + "<tr><td>Description<td><td>" + escapeHTML(file.desc) + "</td></tr>"
+ "</table>"; + "</table>";
$("#info-fileDetails").html(fileInfo); $("#info-fileDetails").html(fileInfo);
} }
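Review bot: `file.id`, `file.file_size` and `file.date_upload` are still concatenated into the markup unescaped on the Url, Id, Size and Upload Date rows, while the neighbouring fields now pass through `escapeHTML`. If those three are server-generated numeric or timestamp values the exposure is small, but they travel the same string-building path as the escaped ones, so wrapping them too (`escapeHTML(file.id)`, `escapeHTML(file.file_size)`, `escapeHTML(file.date_upload)`) puts the whole table under one rule and removes the need to remember which field is trusted. The `href` on the Url row is a double-quoted attribute, so `escapeHTML` is adequate there as well since it encodes `"`. Separately, `<td>Name<td>` on every row looks like it was meant to be `<td>Name</td>`; browsers recover, but it is worth fixing while the markup is being touched.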


@@ -127,9 +127,9 @@ var ListNavigator = {
var thumb = this.data[i].thumbnail; var thumb = this.data[i].thumbnail;
var name = this.data[i].file_name; var name = this.data[i].file_name;
var itemHtml = name + "<br>" var itemHtml = escapeHTML(name) + "<br>"
+ "<img src=\"" + thumb + "\" " + "<img src=\"" + thumb + "\" "
+ "class=\"listItemThumbnail lazy\" alt=\"" + name + "\"/>"; + "class=\"listItemThumbnail lazy\" alt=\"" + escapeHTML(name) + "\"/>";
navigatorItems[i].innerHTML = itemHtml; navigatorItems[i].innerHTML = itemHtml;
} }
@@ -150,7 +150,7 @@ var ListNavigator = {
var itemHtml = "<div class=\"listItem\" " var itemHtml = "<div class=\"listItem\" "
+ "onClick=\"ListNavigator.setItem('" + i + "')\">" + "onClick=\"ListNavigator.setItem('" + i + "')\">"
+ filename + "<br>" + escapeHTML(filename) + "<br>"
// + "<img src=\"/api/thumbnail/" + item.id + "\" " // Lazy Loading // + "<img src=\"/api/thumbnail/" + item.id + "\" " // Lazy Loading
// + "class=\"listItemThumbnail lazy\" alt=\"" + filename + "\"/>" // + "class=\"listItemThumbnail lazy\" alt=\"" + filename + "\"/>"
+ "</div>"; + "</div>";
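Review bot: In the first hunk of this file `thumb` is still written straight into the `src="..."` attribute while `name` is escaped on both sides of it, so the one remaining unescaped field is the one that lands in an attribute; `+ "<img src=\"" + escapeHTML(thumb) + "\" "` would close that gap because `escapeHTML` encodes `"`. Whether the thumbnail value can be influenced by an uploader is not visible here, so treat this as defence in depth rather than a confirmed hole. In the second hunk the index `i` interpolated into `onClick="ListNavigator.setItem('...')"` is a loop counter and is fine as is. Both loops begin before their hunks, so the declarations of `this.data`, `navigatorItems` and `filename` are outside the view.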


@@ -43,3 +43,12 @@ var Viewer = {
Toolbar.setViews(file.views); Toolbar.setViews(file.views);
} }
}; };
// Against XSS attacks
function escapeHTML(str) {
return String(str)
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;');
}
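Review bot: `escapeHTML` does not encode the single quote, so a value placed inside a single-quoted attribute — the `onClick="ListNavigator.setItem('...')"` pattern in this commit, currently fed only a loop index — would not be neutralised by it; adding `.replace(/'/g, '&#39;')` to the chain makes the helper correct for both attribute quoting styles as well as text content. `String(str)` turns `null` and `undefined` into the literal words `null`/`undefined`, which may be acceptable for a missing `desc` but deserves a note. The function is declared after the objects that call it, which works because function declarations are hoisted, provided all three scripts load on the same page — not verifiable from here. Replace the one-line comment with a contract statement, e.g. `// Escapes &, <, >, " and ' so str can be inserted as HTML text or inside a quoted attribute value; non-strings are stringified first.`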