Fixed reflected XSS described in issue 1265
parent
ae1b12c120
commit
d2174725a9
@ -6,6 +6,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
import OperationError from "../errors/OperationError.mjs";
|
import OperationError from "../errors/OperationError.mjs";
|
||||||
|
import Utils from "../Utils.mjs";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @constant
|
* @constant
|
||||||
@ -128,7 +129,7 @@ export function getScatterValuesWithColour(input, recordDelimiter, fieldDelimite
|
|||||||
if (Number.isNaN(x)) throw new OperationError("Values must be numbers in base 10.");
|
if (Number.isNaN(x)) throw new OperationError("Values must be numbers in base 10.");
|
||||||
if (Number.isNaN(y)) throw new OperationError("Values must be numbers in base 10.");
|
if (Number.isNaN(y)) throw new OperationError("Values must be numbers in base 10.");
|
||||||
|
|
||||||
return [x, y, colour];
|
return [x, y, Utils.escapeHtml(colour)];
|
||||||
});
|
});
|
||||||
|
|
||||||
return { headings, values };
|
return { headings, values };
|
||||||
|
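Review bot: The colour returned by `getScatterValuesWithColour` is now HTML-escaped at parse time, but nothing in the hunk records that contract, so any later code that treats the third element as a colour rather than as markup (comparison, normalisation, a colour API) will receive entity-encoded text without warning. The function's JSDoc, which starts outside the hunk, should state it, e.g. `@returns {Array[]} [x, y, colour] records; colour is HTML-escaped and intended for direct insertion into markup`. Because the value is used as a colour, an allow-list check against CSS colour syntax (hex, `rgb()`, named colours) with a default fallback would be a stricter control than escaping, which only neutralises markup and assumes every sink is an HTML text or attribute context; whether that holds for all sinks cannot be confirmed from this hunk. The same consideration applies to the `fillColour` change in ScatterChart and the `seriesColours` change in SeriesChart below.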
@ -87,7 +87,7 @@ class ScatterChart extends Operation {
|
|||||||
const recordDelimiter = Utils.charRep(args[0]),
|
const recordDelimiter = Utils.charRep(args[0]),
|
||||||
fieldDelimiter = Utils.charRep(args[1]),
|
fieldDelimiter = Utils.charRep(args[1]),
|
||||||
columnHeadingsAreIncluded = args[2],
|
columnHeadingsAreIncluded = args[2],
|
||||||
fillColour = args[5],
|
fillColour = Utils.escapeHtml(args[5]),
|
||||||
radius = args[6],
|
radius = args[6],
|
||||||
colourInInput = args[7],
|
colourInInput = args[7],
|
||||||
dimension = 500;
|
dimension = 500;
|
||||||
|
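Review bot: The escape on `fillColour = Utils.escapeHtml(args[5]),` is applied silently inside the `const` declaration chain, while the equivalent change in SeriesChart carries a comment pointing at the issue; for consistency, and so the next maintainer does not treat it as stray, add the same note here, e.g. `fillColour = Utils.escapeHtml(args[5]), // user-supplied colour reaches the rendered SVG; escaped to address issue 1265`. The surrounding `run()` body continues outside the hunk, and `args[3]` and `args[4]` are not declared in this statement, so whether any other user-supplied argument reaches the SVG cannot be judged from what is shown. When `colourInInput` is set the colour instead comes from the parsed input, which the utils hunk above escapes, so both paths appear covered, though the call site is not visible here.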
@ -72,7 +72,10 @@ class SeriesChart extends Operation {
|
|||||||
fieldDelimiter = Utils.charRep(args[1]),
|
fieldDelimiter = Utils.charRep(args[1]),
|
||||||
xLabel = args[2],
|
xLabel = args[2],
|
||||||
pipRadius = args[3],
|
pipRadius = args[3],
|
||||||
seriesColours = args[4].split(","),
|
// Escape HTML from all colours to prevent reflected XSS. See https://github.com/gchq/CyberChef/issues/1265
|
||||||
|
seriesColours = args[4].split(",").map((colour) => {
|
||||||
|
return Utils.escapeHtml(colour)
|
||||||
|
}),
|
||||||
svgWidth = 500,
|
svgWidth = 500,
|
||||||
interSeriesPadding = 20,
|
interSeriesPadding = 20,
|
||||||
xAxisHeight = 50,
|
xAxisHeight = 50,
|
||||||
|
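Review bot: The new `map` callback uses a block body whose single statement `return Utils.escapeHtml(colour)` has no semicolon, so it relies on ASI and spreads a one-expression transform across three lines in the middle of a `const` chain; `seriesColours = args[4].split(",").map((colour) => Utils.escapeHtml(colour)),` is the same behaviour on one line and keeps the issue-link comment above it. Avoid shortening further to `.map(Utils.escapeHtml)` unless the helper is known to ignore extra arguments, since `map` also passes the index and array and `escapeHtml`'s signature is not visible here. The enclosing declaration and `run()` continue outside the hunk.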