mirror of https://github.com/MISP/MISP
fix: [security] XSS in eventgraph preview payload
- as reported by Cyber Controls from SIX Group
pull/8906/head
parent
72c5424034
commit
a46f794a13
|
@ -636,7 +636,7 @@ class EventGraph {
|
|||
btn_plot.data('network-preview', preview);
|
||||
btn_plot.popover({
|
||||
container: 'body',
|
||||
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $(this).data('network-preview') + '" />'; },
|
||||
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $('<div>').text($(this).data('network-preview')).html() + '" />'; },
|
||||
placement: 'right',
|
||||
trigger: 'hover',
|
||||
template: '<div class="popover" role="tooltip"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content" style="width: 500px; height: 150px;"></div></div>',
|
||||
|
@ -2002,7 +2002,7 @@ function reset_graph_history() {
|
|||
btn_plot.data('network-preview', preview);
|
||||
btn_plot.popover({
|
||||
container: 'body',
|
||||
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $(this).data('network-preview') + '" />'; },
|
||||
content: function() { return '<img style="width: 500px; height: 150px;" src="' + $('<div>').text($(this).data('network-preview')).html() + '" />'; },
|
||||
placement: 'right',
|
||||
trigger: 'hover',
|
||||
template: '<div class="popover" role="tooltip"><div class="arrow"></div><h3 class="popover-title"></h3><div class="popover-content" style="width: 500px; height: 150px;"></div></div>',
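Review bot: The new `content` callback still concatenates the preview into a double-quoted `src="…"` attribute, and the `$('<div>').text(…).html()` round trip escapes `&`, `<` and `>` but leaves `"` untouched, so a stored preview containing a quote can still close the attribute; this applies to both hunks (the one in `class EventGraph` and the one in `reset_graph_history`). Building the element and letting jQuery set the attribute avoids string assembly altogether: `content: function() { return $('<img>').css({ width: '500px', height: '150px' }).attr('src', $(this).data('network-preview')); },`. If the preview is expected to be a canvas export, it would also be worth rejecting values that do not start with `data:image/` before they are stored with `.data('network-preview', …)`. The popover options object and its enclosing function continue outside both hunks, so whether `html: true` is set, and where `preview` comes from, cannot be confirmed from here.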
|
||||
|
|