[Web] Fixed one more possible XSS

XSS might be possible when using a specially crafted request (harder than the previous ones). It might also easily cause JS errors, making the "mailcow UI" logs inaccessible.
master
Patrik Kernstock 2019-08-14 22:19:50 +02:00 committed by GitHub
parent 4f25a3646e
commit 409ecf7fd5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions


@ -564,6 +564,7 @@ jQuery(function($){
$.each(data, function (i, item) { $.each(data, function (i, item) {
if (item === null) { return true; } if (item === null) { return true; }
item.user = escapeHtml(item.user); item.user = escapeHtml(item.user);
item.call = escapeHtml(item.call);
item.task = '<code>' + item.task + '</code>'; item.task = '<code>' + item.task + '</code>';
item.type = '<span class="label label-' + item.type + '">' + item.type + '</span>'; item.type = '<span class="label label-' + item.type + '">' + item.type + '</span>';
}); });
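Review bot: `item.task` and `item.type` are still concatenated into markup unescaped in the two lines right after the new `item.call` escaping, so the same loop keeps two HTML sinks open if those fields can ever carry request-influenced text (not visible from this hunk). I would escape them the same way: `item.task = '<code>' + escapeHtml(item.task) + '</code>';`, and for the label escape once and reuse the result for both the class and the text. `item.type` also lands inside a `class="..."` attribute, so it is worth confirming that `escapeHtml` encodes quotes, or mapping the type onto a fixed set of known label names instead. The enclosing callback starts and ends outside the hunk, so any escaping done elsewhere would change this assessment.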