Fixed several other XSS's

2019-08-14 00:22:40 +02:00 · 2019-08-14 00:22:40 +02:00 · 4f25a3646e
parent 5fd00abf91
commit 4f25a3646e
1 changed files with 4 additions and 1 deletions
--- a/data/web/js/site/debug.js
+++ b/data/web/js/site/debug.js
@ -482,6 +482,7 @@ jQuery(function($){
        }
        item.symbols[key].str = str;
      });
+      item.subject = escapeHtml(item.subject);
      item.symbols = Object.keys(item.symbols).
      map(function(key) {
        return item.symbols[key];
@ -526,6 +527,8 @@ jQuery(function($){
      $.each(data, function (i, item) {
        if (item.ua == null) {
          item.ua = 'unknown';
+        } else {
+          item.ua = escapeHtml(item.ua);
        }
        item.ua = '<span style="font-size:small">' + item.ua + '</span>';
        if (item.service == "activesync") {
@ -535,7 +538,7 @@ jQuery(function($){
          item.service = '<span class="label label-success">IMAP, SMTP, Cal-/CardDAV</span>';
        }
        else {
-          item.service = '<span class="label label-danger">' + item.service + '</span>';
+          item.service = '<span class="label label-danger">' + escapeHtml(item.service) + '</span>';
        }
      });
    } else if (table == 'watchdog') {