Uplandustries/WebConsole-2.4-PLUS
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhanced security with JS Strings

Browse Source
This commit is contained in:
Carlos
2019-11-18 18:58:32 +01:00
parent a04fa7cbf6
commit bfbb411d7c
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
client/index.html
View File

@ -212,7 +212,7 @@
<!-- Webpage footer --> <!-- Webpage footer -->
<footer class="footer mt-auto py-3"> <footer class="footer mt-auto py-3">
<div class="container"> <div class="container">
<span class="text-muted">WebConsole v1.4 (rev. 1) - <a href="https://github.com/mesacarlos/WebConsole">GitHub</a></span> <span class="text-muted">WebConsole v1.4 (rev. 2) - <a href="https://github.com/mesacarlos/WebConsole">GitHub</a></span>
</div> </div>
</footer> </footer>

2
client/scripts/WebConsole.js
View File

@ -233,7 +233,7 @@ function updateServerList(){
//Add all servers //Add all servers
var servers = persistenceManager.getAllServers(); var servers = persistenceManager.getAllServers();
for(var i = 0; i < servers.length; i++){ for(var i = 0; i < servers.length; i++){
$('#ServerListDropDown').append('<a class="dropdown-item servermenuitem" href="#" onclick="openServer(\'' + servers[i].serverName + '\')">' + servers[i].serverName + '</a>'); $('#ServerListDropDown').append('<a class="dropdown-item servermenuitem" href="#" onclick="openServer(\'' + servers[i].serverName + '\')">' + servers[i].serverName.replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/'/g,"").replace(/"/g,"") + '</a>');
} }
//Show a "no servers" message when no servers are added //Show a "no servers" message when no servers are added

10
client/scripts/WebConsoleJqueryHandler.js
View File

@ -19,6 +19,14 @@ $(document).ready(function() {
$("#server-ssl").prop('checked', true); $("#server-ssl").prop('checked', true);
$("#server-ssl").prop("disabled", true); $("#server-ssl").prop("disabled", true);
} }
//Remove servers from persistence with invalid names. See v1.4-rev2 for details
var servers = persistenceManager.getAllServers();
for(var i = 0; i < servers.length; i++){
if(servers[i].serverName.includes("\'") || servers[i].serverName.includes("\"") || servers[i].serverName.includes("<") || servers[i].serverName.includes(">")){
persistenceManager.deleteServer(servers[i].serverName);
}
}
}); });
/** /**
@ -26,7 +34,7 @@ $(document).ready(function() {
*/ */
$("#saveAndConnectServerButton").click(function() { $("#saveAndConnectServerButton").click(function() {
//Save server //Save server
var name = $("#server-name").val(); var name = $("#server-name").val().replace(/</g,"&lt;").replace(/>/g,"&gt;").replace(/'/g,"").replace(/"/g,"");
var wcIp = $("#server-ip").val(); var wcIp = $("#server-ip").val();
var wcPort = $("#server-port").val(); var wcPort = $("#server-port").val();
var wcSsl = $("#server-ssl").prop('checked'); var wcSsl = $("#server-ssl").prop('checked');