From 6d3ca3f56cf2675500cebc3f542d2c06a0cba646 Mon Sep 17 00:00:00 2001 From: Brunon Blok <43315279+brun0ne@users.noreply.github.com> Date: Thu, 6 Apr 2023 23:31:45 +0000 Subject: [PATCH 1/4] fix xss in addOperation --- src/web/waiters/RecipeWaiter.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/web/waiters/RecipeWaiter.mjs b/src/web/waiters/RecipeWaiter.mjs index 42e763b04..2722a9c2f 100755 --- a/src/web/waiters/RecipeWaiter.mjs +++ b/src/web/waiters/RecipeWaiter.mjs @@ -396,7 +396,7 @@ class RecipeWaiter { const item = document.createElement("li"); item.classList.add("operation"); - item.innerHTML = name; + item.innerHTML = Utils.escapeHtml(name); this.buildRecipeOperation(item); document.getElementById("rec-list").appendChild(item); From 12082ba3ccf039d905894136fe13cbf9a8f17421 Mon Sep 17 00:00:00 2001 From: Brunon Blok <43315279+brun0ne@users.noreply.github.com> Date: Fri, 7 Apr 2023 00:59:51 +0000 Subject: [PATCH 2/4] escape only angle brackets --- src/web/waiters/RecipeWaiter.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/web/waiters/RecipeWaiter.mjs b/src/web/waiters/RecipeWaiter.mjs index 2722a9c2f..78a3acbac 100755 --- a/src/web/waiters/RecipeWaiter.mjs +++ b/src/web/waiters/RecipeWaiter.mjs @@ -396,7 +396,7 @@ class RecipeWaiter { const item = document.createElement("li"); item.classList.add("operation"); - item.innerHTML = Utils.escapeHtml(name); + item.innerHTML = name.replace('>', '>', 'g').replace('<', '<', 'g'); this.buildRecipeOperation(item); document.getElementById("rec-list").appendChild(item); From e9ff8707ed28368d9e3d982f1c8fe95390fab102 Mon Sep 17 00:00:00 2001 From: Brunon Blok <43315279+brun0ne@users.noreply.github.com> Date: Fri, 7 Apr 2023 01:02:33 +0000 Subject: [PATCH 3/4] comply with eslint --- src/web/waiters/RecipeWaiter.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/web/waiters/RecipeWaiter.mjs b/src/web/waiters/RecipeWaiter.mjs index 78a3acbac..aea6633a4 100755 --- a/src/web/waiters/RecipeWaiter.mjs +++ b/src/web/waiters/RecipeWaiter.mjs @@ -396,7 +396,7 @@ class RecipeWaiter { const item = document.createElement("li"); item.classList.add("operation"); - item.innerHTML = name.replace('>', '>', 'g').replace('<', '<', 'g'); + item.innerHTML = name.replace(">", ">", "g").replace("<", "<", "g"); this.buildRecipeOperation(item); document.getElementById("rec-list").appendChild(item); From 30f9286ce98ac57b2c9f5b7e889eee3c5491b2e1 Mon Sep 17 00:00:00 2001 From: Brunon Blok <43315279+brun0ne@users.noreply.github.com> Date: Fri, 7 Apr 2023 12:36:10 +0000 Subject: [PATCH 4/4] different fix --- src/web/waiters/RecipeWaiter.mjs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/web/waiters/RecipeWaiter.mjs b/src/web/waiters/RecipeWaiter.mjs index aea6633a4..8b41b9b0e 100755 --- a/src/web/waiters/RecipeWaiter.mjs +++ b/src/web/waiters/RecipeWaiter.mjs @@ -396,7 +396,11 @@ class RecipeWaiter { const item = document.createElement("li"); item.classList.add("operation"); - item.innerHTML = name.replace(">", ">", "g").replace("<", "<", "g"); + + if (this.app.operations[name] != null) { + item.innerHTML = name; + } + this.buildRecipeOperation(item); document.getElementById("rec-list").appendChild(item);