Merge pull request #2 from xNasuni/main
fix XSS issues to prevent users from getting "hacked"
pc035860 authored Jun 1, 2024
2 parents d4f149f + d125d77 commit 86dda99
Showing 1 changed file with 23 additions and 0 deletions.
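--- a/web-resources/wresources.js
+++ b/web-resources/wresources.js
@@ -2,6 +2,26 @@
 function e(e) {
 return e && e.__esModule ? e.default : e;
 }
+function stopXSS(str) { // this might not be adequate enough for XSS prevention.
+if (str == null || str.length == 0) {
+str = '';
+}
+var out = ""
+var len = str.length
+
+for (cnt = 0; cnt < len; cnt++) {
+c = str.charCodeAt(cnt);
+if ((c >= 97 && c <= 122) ||
+(c >= 65 && c <= 90 ) ||
+(c >= 48 && c <= 57 )) {
+out += str.charAt(cnt);
+} else {
+out += '&#' + c + ';';
+}
+}
+
+return out;
+}
 var t =
 'undefined' != typeof globalThis
 ? globalThis
@@ -7526,6 +7546,7 @@
 let renderFullText = '';
 const runs = contentText.runs || [];
 for (const run of runs) {
+run.text = stopXSS(run.text) // this might not be adequate enough for XSS prevention.
 fullText += run.text || '';
 try {
 if (run.attachment) {
@@ -7637,6 +7658,7 @@
 let renderFullText = '';
 const runs = subItem.commentRenderer.contentText.runs || [];
 for (const run of runs) {
+run.text = stopXSS(run.text) // this might not be adequate enough for XSS prevention.
 try {
 if (run.text) {
 fullText += run.text;
@@ -7754,6 +7776,7 @@
 const runs =
 subItem.commentRenderer.contentText.runs || [];
 for (const run of runs) {
+run.text = stopXSS(run.text) // this might not be adequate enough for XSS prevention.
 try {
 if (run.text) {
 fullText += run.text;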
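Review bot: In `stopXSS` the loop assigns `cnt` and `c` without declaring them, so both become globals (and would throw if this bundle ever runs in strict mode), and `charCodeAt` encodes each UTF-16 code unit on its own, so an emoji or other astral character in a comment is emitted as two surrogate references that HTML parsers replace with U+FFFD. Declaring the locals and iterating by code point fixes both, as in the block below. Separately, the three call sites overwrite `run.text` in place and then append it to `fullText`, so any later plain-text use of `fullText` would see entity-encoded text and a second pass over the same run would double-encode; whether either happens is not visible in these hunks. Numeric-entity encoding only protects HTML text and quoted-attribute sinks, so if `run.text` or other run fields such as `run.attachment` ever reach a URL attribute, the scheme still needs to be validated there.

```javascript
function stopXSS(str) {
  if (str == null) {
    return '';
  }
  let out = '';
  // for...of walks code points, so an astral character yields one reference.
  for (const ch of String(str)) {
    const cp = ch.codePointAt(0);
    const isAlnum =
      (cp >= 97 && cp <= 122) || (cp >= 65 && cp <= 90) || (cp >= 48 && cp <= 57);
    out += isAlnum ? ch : '&#' + cp + ';';
  }
  return out;
}
```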
