MISP
/
misp-dashboard
mirror of https://github.com/MISP/misp-dashboard
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: [security] prevent XSS injection in livelog table

pull/135/head
mokaddem 2019-09-16 20:58:13 +02:00
parent 0ac7e7cf84
commit dd218f4cf4
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
static/js/index/index.js
View File

@ -184,7 +184,6 @@ $(document).ready(function () {
}); });
// LOG TABLE // LOG TABLE
function updateLogTable(name, log, zmqName, ignoreLed) { function updateLogTable(name, log, zmqName, ignoreLed) {
if (log.length == 0) if (log.length == 0)
@ -590,6 +589,7 @@ function createHead(callback) {
}, },
add_entry: function(entry, isObjectAttribute) { add_entry: function(entry, isObjectAttribute) {
entry = this.sanitizeJson(entry);
var rowNode = this.dt.row.add(entry).draw().node(); var rowNode = this.dt.row.add(entry).draw().node();
if (this._options.animate) { if (this._options.animate) {
$( rowNode ) $( rowNode )
@ -614,6 +614,29 @@ function createHead(callback) {
//remove the rows and redraw the table //remove the rows and redraw the table
var rows = this.dt.rows(arraySlice).remove().draw(); var rows = this.dt.rows(arraySlice).remove().draw();
} }
},
sanitizeJson: function(dirty_json) {
var sanitized_json = {};
var that = this;
Object.keys(dirty_json).forEach(function(k) {
var val = dirty_json[k];
if (Array.isArray(val)) {
var clear_array = [];
sanitized_json[k] = val.map(function(item) {
return that.sanitize(item);
});
} else if(typeof val === 'object') {
sanitized_json[k] = that.sanitizeJson(val);
} else {
sanitized_json[k] = that.sanitize(val);
}
});
return sanitized_json;
},
sanitize: function(e) {
return $("<p>").text(e).html();;
} }
}; };