BUGFIX: 'Show Base64 Offsets' operation now escapes input before adding to tooltips.

n1474335 2016-12-05 14:07:19 +00:00
parent 20d9903572
commit e4d30861d5
6 changed files with 37 additions and 34 deletions

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -875,7 +875,10 @@ var Utils = {
* Utils.escape_html("A <script> tag"); * Utils.escape_html("A <script> tag");
*/ */
escape_html: function(str) { escape_html: function(str) {
return str.replace(/</g, "&lt;"); return str.replace(/</g, "&lt;")
.replace(/'/g, "&apos;")
.replace(/"/g, '&quot;')
.replace(/&/g, "&amp;");
}, },
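Review bot: The `&` replacement runs last in the new `escape_html` chain, so it re-escapes the ampersands that the three preceding calls have just produced: `<` ends up as `&amp;lt;` and `'` as `&amp;apos;`, and the tooltip shows entity text instead of the original character. The output is still inert markup, but it is double-encoded; escaping `&` first fixes it, i.e. `return str.replace(/&/g, "&amp;")` followed by the `<`, `'` and `"` replacements. `>` is left unescaped, which is harmless inside a quoted attribute but worth adding if this helper is also meant for element content. The doc comment above the function should state which characters are covered and that the result is safe only inside quoted attributes or text nodes.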


@ -215,21 +215,21 @@ var Base64 = {
if (len0 % 4 == 2) { if (len0 % 4 == 2) {
static_section = offset0.slice(0, -3); static_section = offset0.slice(0, -3);
offset0 = "<span data-toggle='tooltip' data-placement='top' title='" + offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64(static_section, alphabet).slice(0, -2) + "'>" + Utils.escape_html(Utils.from_base64(static_section, alphabet).slice(0, -2)) + "'>" +
static_section + "</span>" + static_section + "</span>" +
"<span class='hlgreen'>" + offset0.substr(offset0.length - 3, 1) + "</span>" + "<span class='hlgreen'>" + offset0.substr(offset0.length - 3, 1) + "</span>" +
"<span class='hlred'>" + offset0.substr(offset0.length - 2) + "</span>"; "<span class='hlred'>" + offset0.substr(offset0.length - 2) + "</span>";
} else if (len0 % 4 == 3) { } else if (len0 % 4 == 3) {
static_section = offset0.slice(0, -2); static_section = offset0.slice(0, -2);
offset0 = "<span data-toggle='tooltip' data-placement='top' title='" + offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64(static_section, alphabet).slice(0, -1) + "'>" + Utils.escape_html(Utils.from_base64(static_section, alphabet).slice(0, -1)) + "'>" +
static_section + "</span>" + static_section + "</span>" +
"<span class='hlgreen'>" + offset0.substr(offset0.length - 2, 1) + "</span>" + "<span class='hlgreen'>" + offset0.substr(offset0.length - 2, 1) + "</span>" +
"<span class='hlred'>" + offset0.substr(offset0.length - 1) + "</span>"; "<span class='hlred'>" + offset0.substr(offset0.length - 1) + "</span>";
} else { } else {
static_section = offset0; static_section = offset0;
offset0 = "<span data-toggle='tooltip' data-placement='top' title='" + offset0 = "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64(static_section, alphabet) + "'>" + Utils.escape_html(Utils.from_base64(static_section, alphabet)) + "'>" +
static_section + "</span>"; static_section + "</span>";
} }
@ -245,21 +245,21 @@ var Base64 = {
if (len1 % 4 == 2) { if (len1 % 4 == 2) {
static_section = offset1.slice(0, -3); static_section = offset1.slice(0, -3);
offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AA" + static_section, alphabet).slice(1, -2) + "'>" + Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1, -2)) + "'>" +
static_section + "</span>" + static_section + "</span>" +
"<span class='hlgreen'>" + offset1.substr(offset1.length - 3, 1) + "</span>" + "<span class='hlgreen'>" + offset1.substr(offset1.length - 3, 1) + "</span>" +
"<span class='hlred'>" + offset1.substr(offset1.length - 2) + "</span>"; "<span class='hlred'>" + offset1.substr(offset1.length - 2) + "</span>";
} else if (len1 % 4 == 3) { } else if (len1 % 4 == 3) {
static_section = offset1.slice(0, -2); static_section = offset1.slice(0, -2);
offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AA" + static_section, alphabet).slice(1, -1) + "'>" + Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1, -1)) + "'>" +
static_section + "</span>" + static_section + "</span>" +
"<span class='hlgreen'>" + offset1.substr(offset1.length - 2, 1) + "</span>" + "<span class='hlgreen'>" + offset1.substr(offset1.length - 2, 1) + "</span>" +
"<span class='hlred'>" + offset1.substr(offset1.length - 1) + "</span>"; "<span class='hlred'>" + offset1.substr(offset1.length - 1) + "</span>";
} else { } else {
static_section = offset1; static_section = offset1;
offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + offset1 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AA" + static_section, alphabet).slice(1) + "'>" + Utils.escape_html(Utils.from_base64("AA" + static_section, alphabet).slice(1)) + "'>" +
static_section + "</span>"; static_section + "</span>";
} }
@ -274,21 +274,21 @@ var Base64 = {
if (len2 % 4 == 2) { if (len2 % 4 == 2) {
static_section = offset2.slice(0, -3); static_section = offset2.slice(0, -3);
offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2) + "'>" + Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2)) + "'>" +
static_section + "</span>" + static_section + "</span>" +
"<span class='hlgreen'>" + offset2.substr(offset2.length - 3, 1) + "</span>" + "<span class='hlgreen'>" + offset2.substr(offset2.length - 3, 1) + "</span>" +
"<span class='hlred'>" + offset2.substr(offset2.length - 2) + "</span>"; "<span class='hlred'>" + offset2.substr(offset2.length - 2) + "</span>";
} else if (len2 % 4 == 3) { } else if (len2 % 4 == 3) {
static_section = offset2.slice(0, -2); static_section = offset2.slice(0, -2);
offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2) + "'>" + Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2, -2)) + "'>" +
static_section + "</span>" + static_section + "</span>" +
"<span class='hlgreen'>" + offset2.substr(offset2.length - 2, 1) + "</span>" + "<span class='hlgreen'>" + offset2.substr(offset2.length - 2, 1) + "</span>" +
"<span class='hlred'>" + offset2.substr(offset2.length - 1) + "</span>"; "<span class='hlred'>" + offset2.substr(offset2.length - 1) + "</span>";
} else { } else {
static_section = offset2; static_section = offset2;
offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" + offset2 = padding + "<span data-toggle='tooltip' data-placement='top' title='" +
Utils.from_base64("AAA" + static_section, alphabet).slice(2) + "'>" + Utils.escape_html(Utils.from_base64("AAA" + static_section, alphabet).slice(2)) + "'>" +
static_section + "</span>"; static_section + "</span>";
} }
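Review bot: Only the `title` value is passed through `Utils.escape_html`; in every branch of all three hunks, `static_section` and the `offset0`/`offset1`/`offset2` `substr(...)` pieces are still concatenated into the span bodies as raw HTML. Those strings appear to be Base64 text produced with `alphabet`, so if a caller can supply a custom alphabet containing `<` or `&` (not visible here, to be confirmed) the same injection remains outside the tooltip. Wrapping them, e.g. `Utils.escape_html(static_section)` and likewise for the `substr` results, would close it. Separately, the `len2 % 4 == 3` branch slices the decoded text with `.slice(2, -2)`, the same as the `== 2` branch, while the matching `offset0` and `offset1` branches end at `-1`; this looks like a copy-paste slip and probably should be `.slice(2, -1)`. The enclosing function starts and ends outside these hunks.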


@ -1,9 +1,9 @@
203 source files 203 source files
104218 lines 104221 lines
4.0M size 4.0M size
136 JavaScript source files 136 JavaScript source files
95128 lines 95131 lines
3.4M size 3.4M size
78 third party JavaScript source files 78 third party JavaScript source files
@ -11,7 +11,7 @@
2.7M size 2.7M size
58 first party JavaScript source files 58 first party JavaScript source files
18751 lines 18754 lines
724K size 724K size
3.1M uncompressed JavaScript size 3.1M uncompressed JavaScript size