N°3332 Security hardening

This commit is contained in:
Pierre Goiffon
2020-09-23 17:17:05 +02:00
parent 228a945da9
commit 1e634a8bba
2 changed files with 32 additions and 15 deletions


@@ -60,23 +60,24 @@ $(function()
if (oEntry['label'].length > 0) if (oEntry['label'].length > 0)
{ {
var sIconSpec = ''; var sIconSpec = '';
if (oEntry['icon'].length > 0) if (oEntry['icon'].length > 0) {
{
sIconSpec = '<span class="icon"><img src="'+oEntry['icon']+'"/></span>'; sIconSpec = '<span class="icon"><img src="'+oEntry['icon']+'"/></span>';
} }
var sTitle = oEntry['description'];
var sTitle = oEntry['description'],
sLabel = oEntry['label'];
if (sTitle.length == 0) { if (sTitle.length == 0) {
sTitle = oEntry['label']; sTitle = oEntry['label'];
} }
if ((this.options.new_entry !== null) && (iEntry == aBreadCrumb.length - 1)) sTitle = SanitizeHtml(sTitle);
{ sLabel = SanitizeHtml(sLabel);
if ((this.options.new_entry !== null) && (iEntry == aBreadCrumb.length-1)) {
// Last entry is the current page // Last entry is the current page
sBreadCrumbHtml += '<div class="breadcrumb-item breadcrumb-current" breadcrumb-entry="'+iEntry+'" title="'+sTitle+'">'+sIconSpec+'<span class="truncate">'+oEntry['label']+'</span></div>'; sBreadCrumbHtml += '<div class="breadcrumb-item breadcrumb-current" breadcrumb-entry="'+iEntry+'" title="'+sTitle+'">'+sIconSpec+'<span class="truncate">'+sLabel+'</span></div>';
} } else {
else
{
var sSanitizedUrl = StripArchiveArgument(oEntry['url']); var sSanitizedUrl = StripArchiveArgument(oEntry['url']);
sBreadCrumbHtml += '<div class="breadcrumb-item"><a class="breadcrumb-link" breadcrumb-entry="'+iEntry+'" href="'+sSanitizedUrl+'" title="'+sTitle+'">'+sIconSpec+'<span class="truncate">'+oEntry['label']+'</span></a></div>'; sBreadCrumbHtml += '<div class="breadcrumb-item"><a class="breadcrumb-link" breadcrumb-entry="'+iEntry+'" href="'+sSanitizedUrl+'" title="'+sTitle+'">'+sIconSpec+'<span class="truncate">'+sLabel+'</span></a></div>';
} }
} }
} }
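Review bot: The new SanitizeHtml() calls cover the title and label, but the sIconSpec line in the same hunk still concatenates `oEntry['icon']` into `src="…"` unencoded, and the link line places `sSanitizedUrl` into `href="…"` after StripArchiveArgument() only, which from its name strips an argument rather than encoding quotes, so a double quote in either value still terminates the attribute. Applying the same encoder would be `sIconSpec = '<span class="icon"><img src="'+SanitizeHtml(oEntry['icon'])+'"/></span>';` and `href="'+SanitizeHtml(sSanitizedUrl)+'"`, which is safe in a double-quoted attribute because SanitizeHtml encodes `"`. Entity encoding does not constrain the URL scheme, so if these values can come from anywhere other than the server's own routing (I cannot tell from the hunk where aBreadCrumb is built) a scheme allow-list on the href and src would be the complementary check. The enclosing `$(function()` handler and the loop over aBreadCrumb both start outside the hunk.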


@@ -669,6 +669,23 @@ function DisplayHistory(sSelector, sFilter, iCount, iStart) {
); );
} }
/**
* @param sValue value to escape
* @returns {string} sanitized value, ready to insert in the DOM without XSS risk
*
* @since 2.6.5, 2.7.2, 2.8.0 N°3332
* @see https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#rule-1-html-encode-before-inserting-untrusted-data-into-html-element-content
*/
function SanitizeHtml(sValue) {
return (sValue+'')
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#x27;')
.replace(/\//g, '&#x2F;');
}
// Very simple equivalent to format: placeholders are %1$s %2$d ... // Very simple equivalent to format: placeholders are %1$s %2$d ...
function Format() { function Format() {
var args = []; var args = [];
@@ -676,8 +693,7 @@ function Format() {
if (arguments[0] instanceof Array) { if (arguments[0] instanceof Array) {
str = arguments[0][0].toString(); str = arguments[0][0].toString();
args = arguments[0]; args = arguments[0];
} } else {
else {
str = arguments[0].toString(); str = arguments[0].toString();
if (arguments.length > 1) { if (arguments.length > 1) {
var t = typeof arguments[1]; var t = typeof arguments[1];
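Review bot: The `@returns` line of the new SanitizeHtml() in the first hunk promises a value "ready to insert in the DOM without XSS risk", but the function is an HTML entity encoder, which is sufficient for element content and double-quoted attribute values only; it does not make a value safe as a URL in `href`/`src`, inside an inline event handler, or inside a `<script>` block, and a caller reading the docstring alone may assume it does. Suggest narrowing it to `@returns {string} value HTML-encoded for use as element content or inside a double-quoted attribute; not sufficient on its own for URL, JavaScript or CSS contexts`. The `sValue+''` coercion also turns null and undefined into the literal strings "null"/"undefined"; if that is the intended contract a one-line comment such as `// null/undefined are rendered as their string names` would make it explicit. Format() at the end of the section continues outside the hunk.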