prevent simple XSS from server menu data
totaam committed Jul 2, 2024
1 parent 020e33a commit dab2675
Showing 2 changed files with 23 additions and 8 deletions.
26 changes: 18 additions & 8 deletions html5/connect.html
Expand Up @@ -1192,20 +1192,27 @@ <h4 class="panel-title">Advanced options</h4>
}
}
}
function safe_command(command) {
return Utilities.removeChars('a-zA-Z0-9\-%_/\\"', command);
}
function safe_name(name) {
return Utilities.removeChars('a-zA-Z0-9\-%"', name);
}
function populate_commands() {
let selected_category = command_category.value;
let entries = response[selected_category].Entries;
command_entry.innerText = null;
for (let e in entries) {
let entry = entries[e];
let command_exec = entry.TryExec || entry.Exec;
const command_exec = safe_command(entry.TryExec || entry.Exec);
const name = safe_name(entry.Name);
if (default_start == command_exec) {
$("select#command_entry").append(
'<option selected="selected" value="' + command_exec +'">' + entry.Name + "</option>"
'<option selected="selected" value="' + command_exec +'">' + name + "</option>"
);
} else {
$("select#command_entry").append(
'<option value="' + command_exec + '">' + entry.Name + "</option>"
'<option value="' + command_exec + '">' + name + "</option>"
);
}
}
Expand All @@ -1216,7 +1223,7 @@ <h4 class="panel-title">Advanced options</h4>
command_category.addEventListener("change", populate_commands);
command_category.innerText = null;
for (let c in categories) {
let category = categories[c];
let category = safe_name(categories[c]);
if (category == current_category) {
$("select#command_category").append(
'<option selected="selected">' + category + "</option>"
Expand Down Expand Up @@ -1277,14 +1284,14 @@ <h4 class="panel-title">Advanced options</h4>
for (let d in desktop_sessions) {
let desktop_session = desktop_sessions[d];
let attributes = response[desktop_session];
let command_exec = attributes.TryExec || attributes.Exec;
let command_exec = safe_command(attributes.TryExec || attributes.Exec);
let selected = "";
if (default_start_desktop && default_start_desktop == command_exec) {
selected = ' selected="selected" ';
default_start_desktop = null;
}
$("select#desktop_entry").append(
"<option" + selected + ' value="' + command_exec + '">' + desktop_session + "</option>"
"<option" + selected + ' value="' + command_exec + '">' + safe_name(desktop_session) + "</option>"
);
}
desktop_entry_changed();
Expand All @@ -1299,6 +1306,9 @@ <h4 class="panel-title">Advanced options</h4>
);
}

function safe_session(name) {
return Utilities.removeChars('a-zA-Z0-9\:-%"', name);
}
const display = getparam("display") || "";
function init_shadow_display() {
json_action(
Expand All @@ -1309,7 +1319,7 @@ <h4 class="panel-title">Advanced options</h4>
select_shadow_display.innerText = null;
for (let d in displays) {
let display_option = displays[d];
let label = display_option;
let label = safe_session(display_option);
let selected = "";
let attr = response[display_option];
if (attr && attr.wmname) {
Expand Down Expand Up @@ -1368,7 +1378,7 @@ <h4 class="panel-title">Advanced options</h4>
selected = ' selected="selected" ';
}
$("select#select_display").append(
"<option" + selected + " value=" + session + ">" + session_string + "</option>"
"<option" + selected + " value=" + session + ">" + safe_session(session_string) + "</option>"
);
count += 1;
}
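Review bot: The new `safe_session` helper in the hunk at +1306 builds a character class that throws when the RegExp is constructed: inside a single-quoted JS string `'\:'` and `'\-'` are just `:` and `-`, so `removeChars` receives `a-zA-Z0-9:-%"` and `new RegExp('[^a-zA-Z0-9:-%"]')` fails with "Range out of order in character class" because `:-%` is read as a range from 0x3A down to 0x25, which would stop the display lists in `init_shadow_display` and the `select#select_display` loop from being built. The hyphen needs a doubled backslash so the regex itself sees `\-`: `return Utilities.removeChars('a-zA-Z0-9:\\-%"', name);`. `safe_command` and `safe_name` only parse because their bare `-` happens to follow the `0-9` range; writing `\\-` there as well would make that intent explicit rather than accidental. The allowlists also keep `"`, the delimiter of the `value="…"` attributes these strings are concatenated into, so a name containing a quote can still terminate the attribute; dropping `"` from the allowed sets, or building the entries with `new Option(name, command_exec)` instead of HTML strings, would close that residual gap.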
5 changes: 5 additions & 0 deletions html5/js/Utilities.js
Expand Up @@ -35,6 +35,11 @@ const Utilities = {
);
},

removeChars(validChars, inputString) {
var regex = new RegExp('[^' + validChars + ']', 'g');
return inputString.replace(regex, '');
},

getHexUUID() {
const s = [];
const hexDigits = "0123456789abcdef";
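Review bot: `removeChars` throws a TypeError when `inputString` is not a string, and the new callers in connect.html pass `entry.TryExec || entry.Exec` and `entry.Name` straight through, so a menu entry that lacks both Exec fields or a Name now aborts `populate_commands` where the old concatenation would have rendered the text "undefined". Coercing first keeps the filter total: `return String(inputString ?? "").replace(regex, "");`, and `var regex` should be `const regex` to match the rest of the object. The helper also splices `validChars` verbatim into a character class, so every caller must pre-escape `-`, `]`, `^` and `\` itself; a JSDoc line such as `@param {string} validChars - body of a regex character class, inserted unescaped; every character outside it is removed` would make that contract visible at the call sites.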
