AIL/ail-framework
7
0
Fork 0
mirror of https://github.com/ail-project/ail-framework.git synced 2024-11-10 08:38:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed potential XSS problem with pastes display in 'search' and 'important_paste_by_module'.

Browse source
This commit is contained in:
Mokaddem 2016-08-23 09:08:17 +02:00
parent 047331df3e
commit 1766ced9e6
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
var/www/templates/important_paste_by_module.html
View file

@ -92,7 +92,8 @@ $(document).ready(function(){
} }
if (final_index != start_index){ // still have data to display if (final_index != start_index){ // still have data to display
$("#mymodalbody").find("#paste-holder").text($("#mymodalbody").find("#paste-holder").text()+complete_paste.substring(start_index+1, final_index+1)); // Append the new content // Append the new content using text() and not append (XSS)
$("#mymodalbody").find("#paste-holder").text($("#mymodalbody").find("#paste-holder").text()+complete_paste.substring(start_index+1, final_index+1));
start_index = final_index; start_index = final_index;
if (flag_stop) if (flag_stop)
nothing_to_display(); nothing_to_display();

3
var/www/templates/search.html
View file

@ -196,7 +196,8 @@
} }
if (final_index != start_index){ // still have data to display if (final_index != start_index){ // still have data to display
$("#mymodalbody").find("#paste-holder").append(complete_paste.substring(start_index+1, final_index+1)); // Append the new content // Append the new content using text() and not append (XSS)
$("#mymodalbody").find("#paste-holder").text($("#mymodalbody").find("#paste-holder").text() + complete_paste.substring(start_index+1, final_index+1));
start_index = final_index; start_index = final_index;
if (flag_stop) if (flag_stop)
nothing_to_display(); nothing_to_display();