From bfbb411d7c2b0da5613e4da04602f95db3093904 Mon Sep 17 00:00:00 2001
From: Carlos <28845529+mesacarlos@users.noreply.github.com>
Date: Mon, 18 Nov 2019 18:58:32 +0100
Subject: [PATCH] Enhanced security with JS Strings
---
client/index.html | 2 +-
client/scripts/WebConsole.js | 2 +-
client/scripts/WebConsoleJqueryHandler.js | 10 +++++++++-
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/client/index.html b/client/index.html
index 806d6d5..5b4e8d8 100644
--- a/client/index.html
+++ b/client/index.html
@@ -212,7 +212,7 @@
diff --git a/client/scripts/WebConsole.js b/client/scripts/WebConsole.js
index bb0f05e..df1b511 100644
--- a/client/scripts/WebConsole.js
+++ b/client/scripts/WebConsole.js
@@ -233,7 +233,7 @@ function updateServerList(){
//Add all servers
var servers = persistenceManager.getAllServers();
for(var i = 0; i < servers.length; i++){
- $('#ServerListDropDown').append('');
+ $('#ServerListDropDown').append('');
}
//Show a "no servers" message when no servers are added
diff --git a/client/scripts/WebConsoleJqueryHandler.js b/client/scripts/WebConsoleJqueryHandler.js
index 7dae965..66bbe9d 100644
--- a/client/scripts/WebConsoleJqueryHandler.js
+++ b/client/scripts/WebConsoleJqueryHandler.js
@@ -19,6 +19,14 @@ $(document).ready(function() {
$("#server-ssl").prop('checked', true);
$("#server-ssl").prop("disabled", true);
}
+
+ //Remove servers from persistence with invalid names. See v1.4-rev2 for details
+ var servers = persistenceManager.getAllServers();
+ for(var i = 0; i < servers.length; i++){
+ if(servers[i].serverName.includes("\'") || servers[i].serverName.includes("\"") || servers[i].serverName.includes("<") || servers[i].serverName.includes(">")){
+ persistenceManager.deleteServer(servers[i].serverName);
+ }
+ }
});
/**
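Review bot: The cleanup loop added to the ready handler deletes any saved server whose name contains `'`, `"`, `<` or `>` without telling the user, so an upgrade silently drops stored connection entries; a console warning or a one-time notice listing the removed names would let the user re-create them. The four-character test is written as chained `includes` calls here and again as a `replace` chain in the save handler in the next hunk, so the two lists can drift apart; a shared `var INVALID_NAME_CHARS = /['"<>]/;` with `if(INVALID_NAME_CHARS.test(servers[i].serverName)){` keeps them in one place. If `deleteServer` modifies the array returned by `getAllServers()` (not visible here), the forward index loop would skip the entry after each deletion, so iterating backwards or over a copy is safer. The ready handler starts outside this hunk.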
@@ -26,7 +34,7 @@ $(document).ready(function() {
*/
$("#saveAndConnectServerButton").click(function() {
//Save server
- var name = $("#server-name").val();
+ var name = $("#server-name").val().replace(//g,">").replace(/'/g,"").replace(/"/g,"");
var wcIp = $("#server-ip").val();
var wcPort = $("#server-port").val();
var wcSsl = $("#server-ssl").prop('checked');
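Review bot: Stripping quotes and rewriting angle brackets on the `name` line only protects names that pass through this click handler, and the list leaves `&` untouched, so character references in a name would still be decoded by the HTML parser if the name is later concatenated into markup or an attribute. The more durable fix is on the output side in `updateServerList` (WebConsole.js), whose appended string is not visible on this page: build the entry as a node, e.g. `$('<a>').text(servers[i].serverName)`, and attach the handler with `.on('click', ...)` instead of assembling HTML from the stored name. The first `replace` in the chain appears truncated in this rendering, so the angle-bracket handling could not be checked. The click handler's body continues past the end of the hunk.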