[bbb-greenlight: 1/12] Fixed XSS vulnerability in merge user modal (#2214)




commit 7c57f4b93ab9bdcc01b2bc41646f3aea0f2ef4c7
Author: Ahmad Farhat <ahmad af farhat gmail com>
Date:   Tue Oct 20 14:31:59 2020 -0400

    Fixed XSS vulnerability in merge user modal (#2214)

 app/assets/javascripts/admins.js | 30 +++++++++++++++++++++++++-----
 1 file changed, 25 insertions(+), 5 deletions(-)
---
diff --git a/app/assets/javascripts/admins.js b/app/assets/javascripts/admins.js
index 3a1702d..f8abf68 100644
--- a/app/assets/javascripts/admins.js
+++ b/app/assets/javascripts/admins.js
@@ -52,11 +52,19 @@ $(document).on('turbolinks:load', function(){
       $(".merge-user").click(function() {
         // Update the path of save button
         $("#merge-save-access").attr("data-path", $(this).data("path"))
-
         let userInfo = $(this).data("info")
-
-        $("#merge-to").html("<span>" + userInfo.name + "</span>" + "<span class='text-muted d-block'>" + 
userInfo.email + "</span>" + "<span class='text-muted d-block'>" + userInfo.uid + "</span>")
- 
+        $("#merge-to").html("") // Clear current inputs
+
+        let spanName = document.createElement("span"),
+        spanEmail = document.createElement("span"),
+        spanUid = document.createElement("span");
+        spanName.innerText = userInfo.name
+        spanEmail.setAttribute('class', 'text-muted d-block')
+        spanEmail.innerText = userInfo.email
+        spanUid.setAttribute('class', 'text-muted d-block')
+        spanUid.innerText = userInfo.uid
+
+        $("#merge-to").append(spanName, spanEmail, spanUid)
       })
 
       $("#mergeUserModal").on("show.bs.modal", function() {
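Review bot: The three span constructions at lines 31-40 are repeated almost verbatim by the merge-from handler in the second hunk (lines 52-62), differing only in the `from-uid` id, so any future change to the displayed fields has to be made twice; a small helper that returns the elements removes the duplication and keeps the DOM-API text assignment that fixes the XSS in one place. While doing so, `textContent` is the standard property for setting plain text (`innerText` is layout-aware and forces a reflow), the comma-chained `let` declaration should become one `const` per element with semicolons, and `$("#merge-to").html("")` followed by `append` reads better as `$("#merge-to").empty().append(...)`. If any of `name`, `email` or `uid` can be absent from the payload, the literal text "undefined" is rendered, as it was with the old string concatenation — worth confirming against what the server puts in `data-info`. The enclosing `turbolinks:load` callback starts outside the hunk, so the helper would be declared at its top, before either handler is bound.
```javascript
// Builds the three <span>s shown in the merge modal. Text is assigned via
// textContent so user-controlled values are never parsed as HTML.
function userSpans(userInfo, uidId) {
  const spanName = document.createElement("span");
  spanName.textContent = userInfo.name;
  const spanEmail = document.createElement("span");
  spanEmail.className = "text-muted d-block";
  spanEmail.textContent = userInfo.email;
  const spanUid = document.createElement("span");
  spanUid.className = "text-muted d-block";
  if (uidId) spanUid.id = uidId;
  spanUid.textContent = userInfo.uid;
  return [spanName, spanEmail, spanUid];
}

// … unchanged: .merge-user click handler, data-path update, userInfo lookup …
$("#merge-to").empty().append(...userSpans(userInfo));
// … in the second hunk the call becomes: $("#merge-from").empty().append(...userSpans(userInfo, "from-uid")); …
```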
@@ -81,7 +89,19 @@ $(document).on('turbolinks:load', function(){
         let user = $(".selectpicker").selectpicker('val')
         if (user != "") {
           let userInfo = JSON.parse(user)
-          $("#merge-from").html("<span>" + userInfo.name + "</span>" + "<span class='text-muted d-block'>" + 
userInfo.email + "</span>" + "<span id='from-uid' class='text-muted d-block'>" + userInfo.uid + "</span>")
+          $("#merge-from").html("") // Clear current input
+
+          let spanName = document.createElement("span"),
+          spanEmail = document.createElement("span"),
+          spanUid = document.createElement("span");
+          spanName.innerText = userInfo.name
+          spanEmail.setAttribute('class', 'text-muted d-block')
+          spanEmail.innerText = userInfo.email
+          spanUid.setAttribute('class', 'text-muted d-block')
+          spanUid.id = 'from-uid'
+          spanUid.innerText = userInfo.uid
+
+          $("#merge-from").append(spanName, spanEmail, spanUid)
         }
       })
     }

