beenull/Heimdall
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

fix: Escape app title and tag title on list pages CVE-2022-47968 (#1088)

Browse source
This commit is contained in:
Attila Kerekes 2023-01-05 19:31:15 +00:00 committed by GitHub
parent cd07d47445
commit a4022ce517
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 27 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
resources/views/items/list.blade.php
View file

@ -32,7 +32,7 @@
<tr>
<td>{{ $app->title }}</td>
<td><a href="{{ $app->url }}">{{ $app->link }}</a></td>
<td class="text-center"><a{{ $app->target }} href="{!! route('items.edit', [$app->id]) !!}" title="{{ __('app.settings.edit') }} {!! $app->title !!}"><i class="fas fa-edit"></i></a></td>
<td class="text-center"><a{{ $app->target }} href="{!! route('items.edit', [$app->id]) !!}" title="{{ __('app.settings.edit') }} {{ $app->title }}"><i class="fas fa-edit"></i></a></td>
<td class="text-center">
{!! Form::open(['method' => 'DELETE','route' => ['items.destroy', $app->id],'style'=>'display:inline']) !!}
<button class="link" type="submit"><i class="fa fa-trash-alt"></i></button>

6
resources/views/items/scripts.blade.php
View file

@ -31,13 +31,13 @@
}
});
// initial load
$('#tile-preview .title').html($('#appname').val());
$('#tile-preview .title').text($('#appname').val());
$('#tile-preview .item').css('backgroundColor', $('#appcolour').val());
$('#tile-preview .app-icon').attr('src', $('#appimage img').attr('src'));
// Updates
$('#appname').on('keyup change', function(e) {
$('#tile-preview .title').html($(this).val());
$('#tile-preview .title').text($(this).val());
})
$('#apptype').on('change', function(e) {
appload($(this).find('option:selected').val());
@ -178,7 +178,7 @@
if($('#appname').val() === '') {
$('#appname').val(data.name)
}
$('#tile-preview .title').html($('#appname').val());
$('#tile-preview .title').text($('#appname').val());
if(data.custom != null) {
$.get(base+'view/'+data.custom, function(getdata) {
$('#sapconfig').html(getdata).show();

2
resources/views/tags/list.blade.php
View file

@ -31,7 +31,7 @@
<tr>
<td>{{ $app->title }}</td>
<td><a{{ $app->target }} href="{{ url($app->link) }}">{{ $app->link }}</a></td>
<td class="text-center"><a href="{!! route('tags.edit', [$app->id]) !!}" title="{{ __('app.settings.edit') }} {!! $app->title !!}"><i class="fas fa-edit"></i></a></td>
<td class="text-center"><a href="{!! route('tags.edit', [$app->id]) !!}" title="{{ __('app.settings.edit') }} {{ $app->title }}"><i class="fas fa-edit"></i></a></td>
<td class="text-center">
{!! Form::open(['method' => 'DELETE','route' => ['tags.destroy', $app->id],'style'=>'display:inline']) !!}
<button class="link" type="submit"><i class="fa fa-trash-alt"></i></button>

11
tests/Feature/ItemListTest.php
View file

@ -31,4 +31,15 @@ class ItemListTest extends TestCase
$response->assertSee('Item 2');
$response->assertSee('Item 3');
}
public function test_escapes_xss_on_the_item_list_page()
{
$this->addItemWithTitleToDB('<script>alert("XSS")</script>');
$response = $this->get('/items');
$response->assertStatus(200);
$response->assertDontSee('<script>alert("XSS")</script>', false);
$response->assertSee('<script>alert("XSS")</script>');
}
}

11
tests/Feature/TagListTest.php
View file

@ -32,4 +32,15 @@ class TagListTest extends TestCase
$response->assertSee('Tag 2');
$response->assertSee('Tag 3');
}
public function test_escapes_xss_on_the_tag_list_page()
{
$this->addTagWithTitleToDB('<script>alert("XSS")</script>');
$response = $this->get('/tags');
$response->assertStatus(200);
$response->assertDontSee('<script>alert("XSS")</script>', false);
$response->assertSee('<script>alert("XSS")</script>');
}
}