From 3f69b4d791a219d1d5a71c7abfeaa4390145756b Mon Sep 17 00:00:00 2001 From: Zixaphir Date: Wed, 7 May 2014 23:11:50 -0700 Subject: [PATCH] Escape potentially malicious fields. I don't think the comment or email fields will be an issue. --- LICENSE | 2 +- builds/appchan-x.user.js | 14 ++++++++++++-- builds/crx/script.js | 14 ++++++++++++-- src/General/Build.coffee | 6 ++++++ 4 files changed, 31 insertions(+), 5 deletions(-) diff --git a/LICENSE b/LICENSE index a0ebe6a1c..4bac71f77 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,5 @@ /* -* appchan x - Version 2.9.25 - 2014-05-05 +* appchan x - Version 2.9.25 - 2014-05-07 * * Licensed under the MIT license. * https://github.com/zixaphir/appchan-x/blob/master/LICENSE diff --git a/builds/appchan-x.user.js b/builds/appchan-x.user.js index 5baee34f0..225c65ced 100644 --- a/builds/appchan-x.user.js +++ b/builds/appchan-x.user.js @@ -25,7 +25,7 @@ // ==/UserScript== /* -* appchan x - Version 2.9.25 - 2014-05-05 +* appchan x - Version 2.9.25 - 2014-05-07 * * Licensed under the MIT license. * https://github.com/zixaphir/appchan-x/blob/master/LICENSE @@ -5791,7 +5791,7 @@ return path; }, postFromObject: function(data, boardID) { - var o; + var key, o, safetyBuffer, _i, _len, _ref; o = { postID: data.no, threadID: data.resto || data.no, @@ -5810,6 +5810,16 @@ isSticky: !!data.sticky, isClosed: !!data.closed }; + safetyBuffer = $.el('div'); + _ref = ['name', 'subject']; + for (_i = 0, _len = _ref.length; _i < _len; _i++) { + key = _ref[_i]; + if (!o[key]) { + continue; + } + safetyBuffer.textContent = o[key]; + o[key] = safetyBuffer.innerHTML; + } if (data.ext || data.filedeleted) { o.file = { name: data.filename + data.ext, diff --git a/builds/crx/script.js b/builds/crx/script.js index f05bc2651..6f7d62d9f 100644 --- a/builds/crx/script.js +++ b/builds/crx/script.js 
@@ -1,6 +1,6 @@ // Generated by CoffeeScript /* -* appchan x - Version 2.9.25 - 2014-05-05 +* appchan x - Version 2.9.25 - 2014-05-07 * * Licensed under the MIT license. * https://github.com/zixaphir/appchan-x/blob/master/LICENSE @@ -5849,7 +5849,7 @@ return path; }, postFromObject: function(data, boardID) { - var o; + var key, o, safetyBuffer, _i, _len, _ref; o = { postID: data.no, threadID: data.resto || data.no, @@ -5868,6 +5868,16 @@ isSticky: !!data.sticky, isClosed: !!data.closed }; + safetyBuffer = $.el('div'); + _ref = ['name', 'subject']; + for (_i = 0, _len = _ref.length; _i < _len; _i++) { + key = _ref[_i]; + if (!o[key]) { + continue; + } + safetyBuffer.textContent = o[key]; + o[key] = safetyBuffer.innerHTML; + } if (data.ext || data.filedeleted) { o.file = { name: data.filename + data.ext, diff --git a/src/General/Build.coffee b/src/General/Build.coffee index ee3023c23..57fcf1d0b 100755 --- a/src/General/Build.coffee +++ b/src/General/Build.coffee @@ -42,6 +42,12 @@ Build = isSticky: !!data.sticky isClosed: !!data.closed # file + + safetyBuffer = $.el 'div' + for key in ['name', 'subject'] when o[key] + safetyBuffer.textContent = o[key] + o[key] = safetyBuffer.innerHTML + if data.ext or data.filedeleted o.file = name: data.filename + data.ext
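Review bot: The textContent→innerHTML round-trip serializes a text node, which encodes only `&`, `<` and `>`, so the escaped `o.name`/`o.subject` are safe for text insertion but not for interpolation into an attribute value (a `"` passes through unchanged); whether that matters depends on the templates that consume `o`, which are outside this hunk. The loop also runs before `o.file` is assembled, so `o.file.name` (`data.filename + data.ext`, equally poster-controlled) receives no treatment — worth confirming it never reaches innerHTML. If the upstream data already arrives HTML-encoded, this step double-encodes it (`&amp;` would render literally), so the assumed contract should be stated in a comment above the loop, e.g. `# HTML-escape poster-controlled fields for text-node insertion only; encodes &, <, > but not quotes`. postFromObject begins and ends outside this hunk, and the same loop is mirrored in the generated builds/ copies earlier in this patch.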