BUGFIX: 'Show Base64 Offsets' operation now escapes input before adding to tooltips.

n1474335 2016-12-05 14:07:19 +00:00
parent 20d9903572
commit e4d30861d5
6 changed files with 37 additions and 34 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -875,7 +875,10 @@ var Utils = {
* Utils.escape_html("A <script> tag");
*/
escape_html: function(str) {
return str.replace(/</g, "&lt;");
return str.replace(/</g, "&lt;")
.replace(/'/g, "&apos;")
.replace(/"/g, '&quot;')
.replace(/&/g, "&amp;");
},
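Review bot: The `&` replacement runs last in the new `escape_html` chain, so it re-escapes the ampersands of the entities produced just before it: `<` comes out as `&amp;lt;` and `'` as `&amp;apos;`. The result is still inert inside the single-quoted `title` attribute, but the tooltip shows the entity text instead of the character, and the function is not a correct general-purpose escaper. Move `.replace(/&/g, "&amp;")` to the front of the chain so it only touches ampersands from the input. While there, consider adding `.replace(/>/g, "&gt;")` and emitting `&#39;` instead of `&apos;`, which is not defined in HTML 4 and is not decoded by older browsers.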


@ -215,21 +215,21 @@ var Base64 = {
if (len0 % 4 == 2) {
static_section = offset0.slice(0, -3);
offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64(static_section, alphabet).slice(0, -2) + "'>" +
Utils.escape_html(Utils.from_base64(static_section, alphabet).slice(0, -2)) + "'>" +
static_section + "</span>" +
"<span class='hlgreen'>" + offset0.substr(offset0.length - 3, 1) + "</span>" +
"<span class='hlred'>" + offset0.substr(offset0.length - 2) + "</span>";
} else if (len0 % 4 == 3) {
static_section = offset0.slice(0, -2);
offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64(static_section, alphabet).slice(0, -1) + "'>" +
Utils.escape_html(Utils.from_base64(static_section, alphabet).slice(0, -1)) + "'>" +
static_section + "</span>" +
"<span class='hlgreen'>" + offset0.substr(offset0.length - 2, 1) + "</span>" +
"<span class='hlred'>" + offset0.substr(offset0.length - 1) + "</span>";
} else {
static_section = offset0;
offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64(static_section, alphabet) + "'>" +
Utils.escape_html(Utils.from_base64(static_section, alphabet)) + "'>" +
static_section + "</span>";
}
@ -245,21 +245,21 @@ var Base64 = {
if (len1 % 4 == 2) {
static_section = offset1.slice(0, -3);
offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AA" + static_section, alphabet).slice(1, -2) + "'>" +
Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1, -2)) + "'>" +
static_section + "</span>" +
"<span class='hlgreen'>" + offset1.substr(offset1.length - 3, 1) + "</span>" +
"<span class='hlred'>" + offset1.substr(offset1.length - 2) + "</span>";
} else if (len1 % 4 == 3) {
static_section = offset1.slice(0, -2);
offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AA" + static_section, alphabet).slice(1, -1) + "'>" +
Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1, -1)) + "'>" +
static_section + "</span>" +
"<span class='hlgreen'>" + offset1.substr(offset1.length - 2, 1) + "</span>" +
"<span class='hlred'>" + offset1.substr(offset1.length - 1) + "</span>";
} else {
static_section = offset1;
offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AA" + static_section, alphabet).slice(1) + "'>" +
Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1)) + "'>" +
static_section + "</span>";
}
@ -274,21 +274,21 @@ var Base64 = {
if (len2 % 4 == 2) {
static_section = offset2.slice(0, -3);
offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2) + "'>" +
Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2)) + "'>" +
static_section + "</span>" +
"<span class='hlgreen'>" + offset2.substr(offset2.length - 3, 1) + "</span>" +
"<span class='hlred'>" + offset2.substr(offset2.length - 2) + "</span>";
} else if (len2 % 4 == 3) {
static_section = offset2.slice(0, -2);
offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2) + "'>" +
Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2)) + "'>" +
static_section + "</span>" +
"<span class='hlgreen'>" + offset2.substr(offset2.length - 2, 1) + "</span>" +
"<span class='hlred'>" + offset2.substr(offset2.length - 1) + "</span>";
} else {
static_section = offset2;
offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AAA" + static_section, alphabet).slice(2) + "'>" +
Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2)) + "'>" +
static_section + "</span>";
}
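Review bot: Only the decoded text placed in the `title` attribute is escaped; in all nine branches across the three hunks, `static_section` and the `offsetN.substr(...)` fragments are still concatenated into the markup raw. If those strings can contain characters outside the standard Base64 set (for example when `alphabet` is user-supplied, which is not visible in these hunks), the same injection path remains in the element body, so they should be wrapped too, e.g. `Utils.escape_html(static_section) + "</span>"`. The nine call sites are near-identical, and a small helper that builds the tooltip span from the decoded text and the static section would keep the escaping in one place and make a missed branch less likely. Each `if`/`else` chain starts and ends outside its hunk, so how `offsetN` and `alphabet` are produced should be confirmed against the full function.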


@ -1,9 +1,9 @@
203 source files
104218 lines
104221 lines
4.0M size
136 JavaScript source files
95128 lines
95131 lines
3.4M size
78 third party JavaScript source files
@ -11,7 +11,7 @@
2.7M size
58 first party JavaScript source files
18751 lines
18754 lines
724K size
3.1M uncompressed JavaScript size