Fixed several other XSS's

Patrik Kernstock 2019-08-14 00:22:40 +02:00
parent 5fd00abf91
commit 4f25a3646e


@ -482,6 +482,7 @@ jQuery(function($){
} }
item.symbols[key].str = str; item.symbols[key].str = str;
}); });
item.subject = escapeHtml(item.subject);
item.symbols = Object.keys(item.symbols). item.symbols = Object.keys(item.symbols).
map(function(key) { map(function(key) {
return item.symbols[key]; return item.symbols[key];
@ -526,6 +527,8 @@ jQuery(function($){
$.each(data, function (i, item) { $.each(data, function (i, item) {
if (item.ua == null) { if (item.ua == null) {
item.ua = 'unknown'; item.ua = 'unknown';
} else {
item.ua = escapeHtml(item.ua);
} }
item.ua = '<span style="font-size:small">' + item.ua + '</span>'; item.ua = '<span style="font-size:small">' + item.ua + '</span>';
if (item.service == "activesync") { if (item.service == "activesync") {
@ -535,7 +538,7 @@ jQuery(function($){
item.service = '<span class="label label-success">IMAP, SMTP, Cal-/CardDAV</span>'; item.service = '<span class="label label-success">IMAP, SMTP, Cal-/CardDAV</span>';
} }
else { else {
item.service = '<span class="label label-danger">' + item.service + '</span>'; item.service = '<span class="label label-danger">' + escapeHtml(item.service) + '</span>';
} }
}); });
} else if (table == 'watchdog') { } else if (table == 'watchdog') {
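Review bot: `item.subject = escapeHtml(item.subject);` in the first hunk runs unconditionally, whereas the second hunk escapes `item.ua` only after a null check, so for an entry without a subject the result depends on how `escapeHtml` (defined outside this view) treats null or undefined. A guard such as `item.subject = escapeHtml(item.subject == null ? '' : item.subject);`, or the equivalent check inside the helper, would make the two branches consistent. The `str` stored in `item.symbols[key].str` just above is built outside the hunk, so it is not visible here whether the symbol names and options that go into it are escaped; that is worth confirming, since they appear to come from the same response as the subject. Because escaping is applied field by field in each table branch, a short comment at the top of each `$.each` callback, for example `// every field concatenated into HTML below must pass through escapeHtml`, would help keep newly added columns from being missed. All three hunks sit inside callbacks that begin and end outside the visible lines.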