From a2e1adb4e0833ea82cca4eb08b21f4d89f121585 Mon Sep 17 00:00:00 2001
From: Yogesh Ojha
Date: Mon, 1 Jul 2024 20:15:50 +0530
Subject: [PATCH] fix xss on page title

---
 .../static/startScan/js/detail_scan.js | 26 ++++++++++++++++++-
 web/static/custom/custom.js | 20 +++++++++++---
 2 files changed, 42 insertions(+), 4 deletions(-)

diff --git a/web/startScan/static/startScan/js/detail_scan.js b/web/startScan/static/startScan/js/detail_scan.js
index 1e3314c6e..8f59355e8 100644
--- a/web/startScan/static/startScan/js/detail_scan.js
+++ b/web/startScan/static/startScan/js/detail_scan.js
@@ -146,6 +146,12 @@ function get_endpoints(project, scan_history_id=null, domain_id=null, gf_tags=nu
 },
 "targets": 2,
 },
+{
+"render": function ( data, type, row ) {
+return htmlEncode(data);
+},
+"targets": 3,
+},
 {
 "render": function ( data, type, row ) {
 if (data){
@@ -346,6 +352,15 @@ function get_subdomain_changes(scan_history_id){
 },
 "targets": 0
 },
+{
+"render": function ( data, type, row ) {
+if (data){
+return htmlEncode(data);
+}
+return "";
+},
+"targets": 1,
+},
 {
 "render": function ( data, type, row ) {
 // display badge based on http status
@@ -434,6 +449,15 @@ function get_endpoint_changes(scan_history_id){
 },
 "targets": 0
 },
+{
+"render": function ( data, type, row ) {
+if (data){
+return htmlEncode(data);
+}
+return "";
+},
+"targets": 1,
+},
 {
 "render": function ( data, type, row ) {
 // display badge based on http status
@@ -534,7 +558,7 @@ function get_screenshot(scan_id){
 else if (data[subdomain]['http_status'] >=300 && data[subdomain]['http_status'] < 400){
 http_status_badge = 'warning';
 }
- page_title = data[subdomain]['page_title'] ? data[subdomain]['page_title'] + '
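Review bot: The new column-3 renderer in get_endpoints (assumed to be page_title, per the commit subject) passes `data` to htmlEncode without the falsy guard the sibling renderers added in get_subdomain_changes and get_endpoint_changes use, so an endpoint with a null or undefined page_title reaches htmlEncode directly; unless htmlEncode is known to tolerate that (its implementation is not in this diff), the cell will show a literal "null"/"undefined" or the draw will throw. Make it match the others: `return data ? htmlEncode(data) : "";`. A DataTables render callback is also invoked for sort, filter and type, not only display; if searches for titles containing `&`, `<` or `>` start missing rows, `return type === 'display' ? htmlEncode(data) : data;` keeps the raw value for the non-DOM uses. Since nothing in the diff shows it, also confirm htmlEncode escapes at least `&`, `<` and `>` (and both quote characters if its output is ever placed in an attribute). The enclosing columnDefs array of get_endpoints starts and ends outside the hunk.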
': '' ;
+ page_title = data[subdomain]['page_title'] ? htmlEncode(data[subdomain]['page_title']) + '
': '' ;
 subdomain_link = data[subdomain]['http_url'] ? `${data[subdomain]['name']}` : `${data[subdomain]['name']}`
 http_status = data[subdomain]['http_status'] ? `${data[subdomain]['http_status']}` : '';
 figcaption.innerHTML = data[subdomain]['is_interesting'] ? page_title + subdomain_link + interesting_badge + http_status : page_title + subdomain_link + http_status;
diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
index 18cd5aeca..dffafc2b9 100644
--- a/web/static/custom/custom.js
+++ b/web/static/custom/custom.js
@@ -611,7 +611,14 @@ function get_interesting_subdomains(project, target_id, scan_history_id) {
 return `` + data + `` + tech_badge;
 },
 "targets": 0
-}, {
+},
+{
+"render": function(data, type, row) {
+return htmlEncode(data);
+},
+"targets": 1
+},
+{
 "render": function(data, type, row) {
 // display badge based on http status
 // green for http status 2XX, orange for 3XX and warning for everything else
@@ -692,7 +699,14 @@ function get_interesting_endpoints(project, target_id, scan_history_id) {
 return "" + url + "";
 },
 "targets": 0
-}, {
+},
+{
+"render": function(data, type, row) {
+return htmlEncode(data);
+},
+"targets": 1
+},
+{
 "render": function(data, type, row) {
 // display badge based on http status
 // green for http status 2XX, orange for 3XX and warning for everything else
@@ -1096,7 +1110,7 @@ function render_endpoint_in_xlmodal(endpoint_count, subdomain_name, result) {
 ${http_url_td}
 ${get_http_status_badge(endpoint['http_status'])}
- ${return_str_if_not_null(endpoint['page_title'])}
+ ${return_str_if_not_null(htmlEncode(endpoint['page_title']))}
 ${parse_comma_values_into_span(endpoint['matched_gf_patterns'], "danger", outline=true)}
 ${return_str_if_not_null(endpoint['content_type'])}
 ${return_str_if_not_null(endpoint['content_length'])}
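Review bot: Encoding page_title closes only one injection point in this figcaption.innerHTML assignment: the unchanged context lines still interpolate `data[subdomain]['name']` straight into the same HTML string (and, judging by the ternary on http_url, that URL as well, though the surrounding markup has been stripped in this view). Those values come from the same scan output as page_title, so a hostile subdomain name or URL would still be rendered as markup. Either pass them through htmlEncode too, e.g. `htmlEncode(data[subdomain]['name'])` in both branches of the ternary, or build the caption with createElement/textContent and set the link target as a property rather than by string concatenation. The enclosing loop in get_screenshot starts and ends outside the hunk.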
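Review bot: The column-1 renderer added to get_interesting_subdomains returns `htmlEncode(data)` unconditionally, so a subdomain with no page_title hands null/undefined to htmlEncode; prefer `return data ? htmlEncode(data) : "";`, matching the guarded renderers in detail_scan.js, unless htmlEncode is known to handle that. The context line just above it, `return `` + data + `` + tech_badge;`, also shows column 0 concatenating the raw subdomain name into the HTML string (its tags have been stripped in this view), so the class of issue this commit fixes for page_title persists one column over; the same applies to `url` in the get_interesting_endpoints hunk. Wrapping those values in htmlEncode as well would make the two tables consistent. Both columnDefs arrays start and end outside their hunks.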
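Review bot: The call order on the new line in render_endpoint_in_xlmodal is inverted: `return_str_if_not_null(htmlEncode(endpoint['page_title']))` runs htmlEncode before the null check, so an endpoint with no page_title passes null/undefined into htmlEncode and the null-to-empty handling the wrapper exists for never sees a null; depending on htmlEncode that yields a literal "null"/"undefined" in the cell or a thrown error that aborts rendering the modal. Swap them: `${htmlEncode(return_str_if_not_null(endpoint['page_title']))}`, assuming return_str_if_not_null returns a string for null as its name suggests. The template literal this line sits in starts and ends outside the hunk.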