Fix Cross-Site-Scripting Vulnerability (#2034)

This patch fixes a cross-site-scripting vulnerability in Greenlight
which allowed users to inject code into Greenlight by adding scripts
into their names.

Co-authored-by: Ahmad Farhat <ahmad.af.farhat@gmail.com>
Lars Kiesow 2020-08-24 20:32:14 +02:00 committed by GitHub
parent e5340d2a7a
commit 503ca52806
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 6 deletions


@ -122,11 +122,20 @@ $(document).on('turbolinks:load', function(){
listItem.setAttribute('class', 'list-group-item text-left not-saved add-access');
listItem.setAttribute("data-uid", uid)
let spanItem = "<span class='avatar float-left mr-2'>" + option.text().charAt(0) + "</span> <span class='shared-user'>" +
option.text() + " <span class='text-muted'>" + option.data("subtext") + "</span></span>" +
"<span class='text-primary float-right shared-user cursor-pointer' onclick='removeSharedUser(this)'><i class='fas fa-times'></i></span>"
let spanItemAvatar = document.createElement("span"),
spanItemName = document.createElement("span"),
spanItemUser = document.createElement("span");
spanItemAvatar.setAttribute('class', 'avatar float-left mr-2');
spanItemAvatar.innerText = option.text().charAt(0);
spanItemName.setAttribute('class', 'shared-user');
spanItemName.innerText = option.text();
spanItemUser.setAttribute('class', 'text-muted');
spanItemUser.innerText = option.data('subtext');
spanItemName.append(spanItemUser);
listItem.innerHTML = spanItem
listItem.innerHTML = "<span class='text-primary float-right shared-user cursor-pointer' onclick='removeSharedUser(this)'><i class='fas fa-times'></i></span>"
listItem.prepend(spanItemName);
listItem.prepend(spanItemAvatar);
$("#user-list").append(listItem)
}
@ -134,7 +143,7 @@ $(document).on('turbolinks:load', function(){
$("#presentation-upload").change(function(data) {
var file = data.target.files[0]
// Check file type and size to make sure they aren't over the limit
if (validFileUpload(file)) {
$("#presentation-upload-label").text(file.name)
@ -327,4 +336,4 @@ function checkIfAutoJoin() {
$("#joiner-consent").click()
$("#room-join").click()
}
}
}
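Review bot: In the first hunk the name and its subtext now run together, because `spanItemName.append(spanItemUser)` drops the separating space the removed markup had before `<span class='text-muted'>`; `spanItemName.append(' ', spanItemUser);` restores the gap without reintroducing any markup. The surviving `listItem.innerHTML = "<span class='text-primary ...'>..."` assignment for the remove control contains only a constant string and is safe as written, but it deserves a comment such as `// static markup only: user-controlled values must be set via textContent/innerText, never interpolated into this string` so a later edit does not quietly undo the XSS fix. `textContent` would also be the more predictable choice than `innerText`, which is layout-dependent and triggers reflow. The enclosing `$(document).on('turbolinks:load', …)` handler starts and ends outside the hunk.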