diff --git a/html5/connect.html b/html5/connect.html
index 855b8121..fbcc733b 100644
--- a/html5/connect.html
+++ b/html5/connect.html
@@ -1192,20 +1192,27 @@


} } } + function safe_command(command) { + return Utilities.removeChars('a-zA-Z0-9\-%_/\\"', command); + } + function safe_name(name) { + return Utilities.removeChars('a-zA-Z0-9\-%"', name); + } function populate_commands() { let selected_category = command_category.value; let entries = response[selected_category].Entries; command_entry.innerText = null; for (let e in entries) { let entry = entries[e]; - let command_exec = entry.TryExec || entry.Exec; + const command_exec = safe_command(entry.TryExec || entry.Exec); + const name = safe_name(entry.Name); if (default_start == command_exec) { $("select#command_entry").append( - '" + '" ); } else { $("select#command_entry").append( - '" + '" ); } } @@ -1216,7 +1223,7 @@
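Review bot: The character class in safe_command contains no space, so `safe_command(entry.TryExec || entry.Exec)` collapses any Exec with arguments or field codes (for example `app %u` becomes `app%u`), the `default_start == command_exec` comparison below it fails whenever default_start still holds the unmodified string, and if the sanitized value also becomes the option's value attribute (the markup is stripped in this view) the command submitted is no longer the one from the desktop entry; the -1277 hunk has the same problem with `safe_command(attributes.TryExec || attributes.Exec)` and `default_start_desktop == command_exec`. At the same time both classes keep `"` (`\\"` in safe_command, `"` in safe_name), which is the character that closes a quoted attribute, so the filter is too strict for the command and too loose for the markup. If command_entry is the select element the jQuery call targets, building the option through the DOM, e.g. `command_entry.add(new Option(entry.Name, command_exec, false, default_start == command_exec));` with command_exec left unmodified, needs no character stripping at all. Two smaller points: `'\-'` in a plain string literal is just `-` (the escape intended for the regex is `'\\-'`; it works here only because the `-` follows a completed range), and removeChars calls `.replace` on its argument, so an entry without Name or Exec now throws a TypeError where the old code tolerated it. populate_commands continues outside the hunk.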


command_category.addEventListener("change", populate_commands); command_category.innerText = null; for (let c in categories) { - let category = categories[c]; + let category = safe_name(categories[c]); if (category == current_category) { $("select#command_category").append( '" @@ -1277,14 +1284,14 @@
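Review bot: `let category = safe_name(categories[c]);` replaces the string the rest of the page keys on: it is compared with current_category on the next line and, if it also becomes the option's value (the markup is stripped in this view), populate_commands later indexes `response[command_category.value]` with it, so a category containing any character outside `a-zA-Z0-9-%"` (a space or an accented letter, for example) misses both the comparison and the lookup; the -1277 hunk does the same with `safe_name(desktop_session)`, the key used for `response[desktop_session]`. Keep the raw string as the value and, if command_category is the select element, set it through the DOM, e.g. `command_category.add(new Option(categories[c], categories[c], false, categories[c] == current_category));`, which needs no escaping for either the value or the text. The enclosing function starts outside the hunk.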


for (let d in desktop_sessions) { let desktop_session = desktop_sessions[d]; let attributes = response[desktop_session]; - let command_exec = attributes.TryExec || attributes.Exec; + let command_exec = safe_command(attributes.TryExec || attributes.Exec); let selected = ""; if (default_start_desktop && default_start_desktop == command_exec) { selected = ' selected="selected" '; default_start_desktop = null; } $("select#desktop_entry").append( - "' + desktop_session + "" + "' + safe_name(desktop_session) + "" ); } desktop_entry_changed(); @@ -1299,6 +1306,9 @@


); } + function safe_session(name) { + return Utilities.removeChars('a-zA-Z0-9\:-%"', name); + } const display = getparam("display") || ""; function init_shadow_display() { json_action( @@ -1309,7 +1319,7 @@
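Review bot: safe_session throws on every call: `'\:'` in a plain string literal is just `:`, so the class handed to removeChars is `[^a-zA-Z0-9:-%"]`, in which `:-%` is parsed as a range from `:` (0x3A) down to `%` (0x25), and `new RegExp` rejects an out-of-order range with a SyntaxError, which then surfaces in the -1309 and -1368 hunks that call it. Move the hyphen to the end of the class, or escape it with a doubled backslash, `return Utilities.removeChars('a-zA-Z0-9:%"\\-', name);`. As with safe_name, keeping `"` in the allowlist is at odds with concatenating the result into quoted markup, so consider dropping it here too. init_shadow_display starts inside the hunk and continues outside it.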


select_shadow_display.innerText = null; for (let d in displays) { let display_option = displays[d]; - let label = display_option; + let label = safe_session(display_option); let selected = ""; let attr = response[display_option]; if (attr && attr.wmname) { @@ -1368,7 +1378,7 @@


selected = ' selected="selected" '; } $("select#select_display").append( - "" + session_string + "" + "" + safe_session(session_string) + "" ); count += 1; }
diff --git a/html5/js/Utilities.js b/html5/js/Utilities.js
index 4961a9bf..833b3b3a 100644
--- a/html5/js/Utilities.js
+++ b/html5/js/Utilities.js
@@ -35,6 +35,11 @@ const Utilities = {
); },
+ removeChars(validChars, inputString) {
+ var regex = new RegExp('[^' + validChars + ']', 'g');
+ return inputString.replace(regex, '');
+ },
+ getHexUUID() { const s = []; const hexDigits = "0123456789abcdef";
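Review bot: removeChars splices validChars straight into a character class, so its contract depends on the caller having escaped `]`, `\`, `^` and any non-trailing `-` with a doubled backslash, and nothing in the method says so; a JSDoc above it should state that validChars is a regex character-class fragment rather than a plain list of characters, that inputString must be a string because `.replace` is called on it, and that the method keeps the listed characters and strips everything else, which the name does not convey. Use `const regex = new RegExp('[^' + validChars + ']', 'g');` instead of `var`, matching the `const` declarations in getHexUUID below. Since the allowlists passed from connect.html are literals, each caller could also build its regex once instead of on every call, though that is optional.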