From 06a3ed311f0c94693dd0d4bda31f69896c304b65 Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Thu, 2 Nov 2023 16:52:11 +0600 Subject: [PATCH 1/3] fix security issue #1516 --- website/static/vendor/jquery/jquery.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/website/static/vendor/jquery/jquery.js b/website/static/vendor/jquery/jquery.js index 548800096..0b80d3094 100644 --- a/website/static/vendor/jquery/jquery.js +++ b/website/static/vendor/jquery/jquery.js @@ -5700,7 +5700,16 @@ jQuery.extend({ htmlPrefilter: function (html) { - var expandedHTML = html.replace(rxhtmlTag, "<$1>"); + var safeTagsToExpand = /<([a-z]+)([^<]*)\/>/gi; + var expandedHTML = html.replace(safeTagsToExpand, function(match, tag, attributes) { + // Check if the tag is one that should never be self-closing + if (!/^(?:area|br|col|embed|hr|img|input|link|meta|param)$/i.test(tag)) { + return "<" + tag + attributes + ">"; + } else { + // If it's a self-closing tag, leave it as is + return match; + } + }); return sanitizeHTML(expandedHTML); }, From 27ee99c7a1f786ea0f62896d4ff08f0afd83b360 Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Thu, 2 Nov 2023 23:48:38 +0600 Subject: [PATCH 2/3] fix security issue #1333 --- website/templates/report.html | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/website/templates/report.html b/website/templates/report.html index a0533ab44..bdedba660 100644 --- a/website/templates/report.html +++ b/website/templates/report.html @@ -401,14 +401,17 @@

fileList.map(file => { let src = URL.createObjectURL(file); - $("#files_manage").append(` -
-
-

${file.name.slice(0,20)}...

-
- -
- `) + let safeName = $("
").text(file.name).html(); + let safeNameDisplay = safeName.slice(0, 20) + (safeName.length > 20 ? "..." : ""); + // Use the safe name for display and in the onclick handler + let fileDiv = $("
").addClass("w-full md:w-[300px] h-[180px] overflow-hidden rounded-lg").attr("onclick", `previewFile('${safeName}')`); + let titleDiv = $("
").addClass("w-full h-10 flex justify-center rounded-t-lg p-2 bg-gray-500"); + let titleP = $("

").addClass("text-xl text-white font-bold").text(safeNameDisplay); + let img = $("").addClass("object-cover").attr("src", src); + + titleDiv.append(titleP); + fileDiv.append(titleDiv).append(img); + $("#files_manage").append(fileDiv); }) }); From 0ffb73a3992d78d9ac1501a2868ec95fd3937b92 Mon Sep 17 00:00:00 2001 From: JisanAR03 Date: Fri, 3 Nov 2023 00:37:56 +0600 Subject: [PATCH 3/3] fix security issue #1337 --- website/templates/report.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/templates/report.html b/website/templates/report.html index bdedba660..e7b9d81f1 100644 --- a/website/templates/report.html +++ b/website/templates/report.html @@ -407,7 +407,7 @@
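Review bot: The `.attr("onclick", …)` call that interpolates `safeName` into `previewFile('…')` is still injectable, because `safeName` comes from `.text(file.name).html()`, which entity-encodes `&`, `<` and `>` but leaves quotes alone, so a file name containing `'` ends the string literal inside the inline handler. HTML-encoding is also the wrong encoding for values that `.attr()` and `.text()` already write through the DOM: `.text(safeNameDisplay)` will show entities such as `&amp;` literally, and `slice(0, 20)` on the encoded string can cut an entity in half. I would drop `safeName`, bind the handler with `.on("click", () => previewFile(file.name))`, and pass `file.name.slice(0, 20) + (file.name.length > 20 ? "..." : "")` to `.text()`. The extracted page has lost the markup inside the `$("…")` calls and the enclosing handler starts outside the hunk, so this assumes `previewFile` takes the raw file name.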

let fileDiv = $("
").addClass("w-full md:w-[300px] h-[180px] overflow-hidden rounded-lg").attr("onclick", `previewFile('${safeName}')`); let titleDiv = $("
").addClass("w-full h-10 flex justify-center rounded-t-lg p-2 bg-gray-500"); let titleP = $("

").addClass("text-xl text-white font-bold").text(safeNameDisplay); - let img = $("").addClass("object-cover").attr("src", src); + let img = $("").addClass("object-cover").attr("src", escapeHtml(src)); titleDiv.append(titleP); fileDiv.append(titleDiv).append(img);
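Review bot: `escapeHtml(src)` on the added `img` line adds no protection and can break the preview. `src` is the object URL that patch 2/3 shows coming from `URL.createObjectURL(file)`, and `.attr("src", …)` sets the attribute through the DOM without parsing HTML, so entity-encoding has nothing to neutralise and would only store any `&` as `&amp;`. No definition of `escapeHtml` is visible in this patch series; if the template does not define it elsewhere, this line throws a ReferenceError and the callback stops before anything is appended. I would keep `.attr("src", src)` and, if the intent is to constrain the URL, check the scheme instead, e.g. `if (!src.startsWith("blob:")) return;`. The `fileList.map` callback starts outside the hunk.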