Unverified Commit 8bf34987 authored by Xaver Maierhofer's avatar Xaver Maierhofer

[TASK] Prevent XSS in tooltip

parent 2192500d
...@@ -87,7 +87,7 @@ define(['leaflet', 'rbush', 'helper', 'moment'], ...@@ -87,7 +87,7 @@ define(['leaflet', 'rbush', 'helper', 'moment'],
m.on('click', function () { m.on('click', function () {
router.fullUrl({ node: d.node_id }); router.fullUrl({ node: d.node_id });
}); });
m.bindTooltip(d.hostname); m.bindTooltip(helper.escape(d.hostname));
dict[d.node_id] = m; dict[d.node_id] = m;
...@@ -114,7 +114,7 @@ define(['leaflet', 'rbush', 'helper', 'moment'], ...@@ -114,7 +114,7 @@ define(['leaflet', 'rbush', 'helper', 'moment'],
line.setStyle(opts); line.setStyle(opts);
}; };
line.bindTooltip(d.source.hostname + '' + d.target.hostname + line.bindTooltip(helper.escape(d.source.hostname + '' + d.target.hostname) +
'<br><strong>' + helper.showDistance(d) + ' / ' + helper.showTq(d.source_tq) + ' - ' + helper.showTq(d.target_tq) + '<br>' + d.type + '</strong>'); '<br><strong>' + helper.showDistance(d) + ' / ' + helper.showTq(d.source_tq) + ' - ' + helper.showTq(d.target_tq) + '<br>' + d.type + '</strong>');
line.on('click', function () { line.on('click', function () {
......
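Review bot: `d.type` is still concatenated unescaped into the tooltip markup on the second bindTooltip line of the `@@ -114` hunk, while only the two hostnames now pass through helper.escape(). The tooltip is rendered as HTML (the `<br><strong>` markup is intentional), so every value that appears to come from the same link data and is meant as text should be escaped the same way, e.g. `'<br>' + helper.escape(d.type) + '</strong>'`. Whether helper.showDistance() and helper.showTq() return only formatted numbers cannot be seen here; if they pass raw fields through they need the same treatment. The `+ '' +` between the two hostnames looks like a separator whose character was lost in rendering and is worth checking against the file. The enclosing callback starts and ends outside the hunk.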
...@@ -196,5 +196,11 @@ define({ ...@@ -196,5 +196,11 @@ define({
btn.classList.add('ion-full-enter'); btn.classList.add('ion-full-enter');
} }
} }
},
escape: function escape(string) {
return string.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&#34;')
.replace(/'/g, '&#39;');
} }
}); });
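Review bot: escape() does not replace `&`, so a value that already contains an entity or a bare ampersand is passed through unchanged and is decoded by the browser when the tooltip is inserted as HTML; the conventional form handles `&` first so the later replacements are not double-encoded, i.e. `return string.replace(/&/g, '&amp;')` followed by the existing `<`, `>`, `"` and `'` replacements. It also throws if `string` is null or undefined, which the callers in the other file pass straight from node data (`d.hostname`); whether those fields are always set cannot be seen here. A short comment would help callers, e.g. `// Escape a plain-text value for insertion into HTML; tooltip content is rendered as markup.`. The enclosing `define({ … })` object starts outside the hunk.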