
Commit 968d549

some improvements to really hopefully prevent XSS
1 parent 2fac31f commit 968d549

1 file changed

Lines changed: 31 additions & 21 deletions


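--- a/gcp/website/frontend3/src/triage.js
+++ b/gcp/website/frontend3/src/triage.js
@@ -58,46 +58,56 @@ document.addEventListener("DOMContentLoaded", () => {
 },
 };
 
+function escapeHtml(text) {
+const div = document.createElement('div');
+div.textContent = text;
+return div.innerHTML;
+}
+
 function syntaxHighlight(json) {
 if (typeof json !== 'string') {
 json = JSON.stringify(json, undefined, 2);
 }
-json = json.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
-return json.replace(/("(\\u[a-zA-Z0-9]{4}|\\[^u]|[^\\"])*"(\s*:)?|\b(true|false|null)\b|-?\d+(?:\.\d*)?(?:[eE][+-]?\d+)?)/g, function (match) {
-let cls = 'json-number';
-if (/^"/.test(match)) {
-if (/:$/.test(match)) {
-cls = 'json-key';
-} else {
-cls = 'json-string';
+
+const escapedJson = escapeHtml(json);
+
+return escapedJson.replace(
+/("(\\u[a-zA-Z0-9]{4}|\\[^u]|[^\\"])*"(\s*:)?|\b(true|false|null)\b|-?\d+(?:\.\d*)?(?:[eE][+-]?\d+)?)/g,
+function (match) {
+let cls = 'json-number';
+if (/^"/.test(match)) {
+if (/:$/.test(match)) {
+cls = 'json-key';
+} else {
+cls = 'json-string';
+}
+} else if (/true|false/.test(match)) {
+cls = 'json-boolean';
+} else if (/null/.test(match)) {
+cls = 'json-null';
 }
-} else if (/true|false/.test(match)) {
-cls = 'json-boolean';
-} else if (/null/.test(match)) {
-cls = 'json-null';
+return `<span class="${cls}">${match}</span>`;
 }
-return '<span class="' + cls + '">' + match + '</span>';
-});
+);
 }
 
 async function fetchData(sourceKey, vulnId) {
 const config = sourceConfigMap[sourceKey];
 let url;
+
+const safeId = encodeURIComponent(vulnId);
 
 if (config.proxySource) {
-url = `/triage/proxy?source=${config.proxySource}&id=${vulnId}`;
+url = `/triage/proxy?source=${encodeURIComponent(config.proxySource)}&id=${safeId}`;
 } else if (config.urlTemplate) {
-url = config.urlTemplate.replace("{id}", vulnId);
+url = config.urlTemplate.replace("{id}", safeId);
 } else {
-return Promise.reject(new Error("Invalid configuration"));
+throw new Error("Invalid configuration");
 }
 
 const response = await fetch(url);
 if (!response.ok) {
-if (response.status === 404) {
-throw new Error("Not Found");
-}
-throw new Error(`Error: ${response.statusText}`);
+throw new Error(response.status === 404 ? "Not Found" : `Error: ${response.statusText}`);
 }
 return response.json();
 }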
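Review bot: The new escapeHtml helper escapes only &, < and > (that is what serializing a text node through innerHTML produces), so the markup syntaxHighlight returns is safe only when assigned as element content and never inside an attribute value; I would pin that contract above the helper with `// Escapes &, < and > only (text-node serialization). Safe as element content; NOT safe inside attribute values.` and above syntaxHighlight with `// Returns HTML meant for innerHTML; all JSON text is escaped first, and cls is always one of four fixed literals.` so nobody reuses it for attributes. Separately, in fetchData an unknown sourceKey leaves config undefined, so `config.proxySource` throws a TypeError rather than the intended "Invalid configuration" error; adding `if (!config) throw new Error("Invalid configuration");` right after the `const config = sourceConfigMap[sourceKey];` line keeps that failure explicit. The encodeURIComponent wrapping of vulnId looks correct for both the query-string and the `{id}` template substitution, since `$` is percent-encoded and cannot act as a replacement pattern. The enclosing DOMContentLoaded listener starts and ends outside the hunk.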
