deploy: 6e03469

yogeshojha · Feb 3, 2025 · 5fd9cc5 · 5fd9cc5
1 parent 0309404
commit 5fd9cc5
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 20 deletions.
diff --git a/web/startScan/templates/startScan/detail_scan.html b/web/startScan/templates/startScan/detail_scan.html
@@ -1748,13 +1748,22 @@ <h4 class="header-title mb-0"><span id="endpoint_change_count"><span class="spin
 					},
 					{
 						"render": function ( data, type, row ) {
-							if (data.includes('http')) {
-								return "<a href='"+htmlEncode(data)+"' target='_blank' class='text-danger'>"+split_into_lines(htmlEncode(data), 150)+"</a>";
+							if (data) {
+								const encodedURLData = htmlEncode(data);
+
+								if (data.toLowerCase().startsWith('http')) {
+									return `<a href="${encodedData}" 
+											target="_blank" 
+											rel="noopener noreferrer" 
+											class="text-danger">
+											${split_into_lines(encodedData, 150)}
+										</a>`;
+								}
 							}
-							return data;
+							return htmlEncode(data || '');
 						},
 						"targets": 11,
-					},
+					}
 					{
 						"render": function ( data, type, row ) {
 							if (data){

diff --git a/web/startScan/templates/startScan/vulnerabilities.html b/web/startScan/templates/startScan/vulnerabilities.html
@@ -195,13 +195,22 @@
 			},
 			{
 				"render": function ( data, type, row ) {
-					if (data.includes('http')) {
-						return "<a href='"+htmlEncode(data)+"' target='_blank' class='text-danger'>"+split_into_lines(htmlEncode(data), 150)+"</a>";
+					if (data) {
+						const encodedURLData = htmlEncode(data);
+
+						if (data.toLowerCase().startsWith('http')) {
+							return `<a href="${encodedData}" 
+									target="_blank" 
+									rel="noopener noreferrer" 
+									class="text-danger">
+									${split_into_lines(encodedData, 150)}
+								</a>`;
+						}
 					}
-					return htmlEncode(data);
+					return htmlEncode(data || '');
 				},
 				"targets": 11,
-			},
+			}
 			{
 				"render": function ( data, type, row ) {
 					if (data){

diff --git a/web/static/custom/custom.js b/web/static/custom/custom.js
@@ -2875,11 +2875,16 @@ function render_vuln_offcanvas(vuln){
 	var body = '';
 	title_content += `<i class="mdi mdi-bug-outline me-1 text-${default_color}"></i>`;
 	title_content += `<span class="badge badge-${default_badge_color} text-${default_color}">${vuln.severity}</span>`;
-	title_content += `<span class="text-${default_color} ms-1">${vuln.name}</span>`;
+	title_content += `<span class="text-${default_color} ms-1">${htmlEncode(vuln.name)}</span>`;
 
 	body += `<p><b>ID: </b>${vuln.id}</p>`;
 	body += `<p><b>Discovered on: </b>${vuln.discovered_date}</p>`;
-	body += `<p><b>URL: </b><a href="${vuln.http_url}" target="_blank">${vuln.http_url}</a></p>`;
+	body += `<p><b>URL: </b>
+		<a href="${htmlEncode(vuln.http_url)}" 
+			target="_blank" 
+			rel="noopener noreferrer">
+			${split_into_lines(htmlEncode(vuln.http_url), 150)}
+		</a></p>`;
 	body += `<p><b>Severity: </b>${vuln.severity}<br><b>Type: </b>${vuln.type.toUpperCase()}<br><b>Source: </b> ${vuln.source.toUpperCase()}</p>`;
 
 	if (vuln.description) {
@@ -3023,19 +3028,19 @@ function render_vuln_offcanvas(vuln){
 		<table>
 		<tr>
 		<td style="width:20%"><b>Template</b></td>
-		<td>${vuln.template}</td>
+		<td>${htmlEncode(vuln.template)}</td>
 		</tr>
 		<tr>
 		<td style="width:20%"><b>Template URL</b></td>
-		<td><a target="_blank" href="${vuln.template_url}">${vuln.template_url}</a></td>
+		<td><a target="_blank" href="${htmlEncode(vuln.template_url)}">${htmlEncode(vuln.template_url)}</a></td>
 		</tr>
 		<tr>
 		<td style="width:20%"><b>Template ID</b></td>
-		<td>${vuln.template_id}</td>
+		<td>${htmlEncode(vuln.template_id)}</td>
 		</tr>
 		<tr>
 		<td style="width:20%"><b>Matcher Name</b></td>
-		<td>${vuln.matcher_name}</td>
+		<td>${htmlEncode(vuln.matcher_name)}</td>
 		</tr>
 		</table>
 		</div>
@@ -3085,9 +3090,11 @@ function render_vuln_offcanvas(vuln){
 	var http_response = vuln.response ? vuln.response : '';
 
 	http_request = http_request.replace(new RegExp('\r?\n','g'), '<br />');
+	http_response = http_response.replace(new RegExp('&#13;&#10;','g'), '<br />');
+
+	http_request = htmlEncode(http_request);
 	http_response = htmlEncode(http_response);
 
-	http_response = http_response.replace(new RegExp('&#13;&#10;','g'), '<br />');
 
 	body += `<div class="accordion custom-accordion mt-2">
 	<h5 class="m-0 position-relative">

diff --git a/web/targetApp/templates/target/summary.html b/web/targetApp/templates/target/summary.html
@@ -1507,14 +1507,23 @@ <h4 class="header-title mb-0"><span id="technologies-count"><span class="spinner
 				"targets": 8,
 			},
 			{
-				"render": function(data, type, row) {
-					if (data.includes('http')) {
-						return "<a href='" + htmlEncode(data) + "' target='_blank' class='text-danger'>" + split_into_lines(htmlEncode(data), 150) + "</a>";
+				"render": function ( data, type, row ) {
+					if (data) {
+						const encodedURLData = htmlEncode(data);
+
+						if (data.toLowerCase().startsWith('http')) {
+							return `<a href="${encodedData}" 
+									target="_blank" 
+									rel="noopener noreferrer" 
+									class="text-danger">
+									${split_into_lines(encodedData, 150)}
+								</a>`;
+						}
 					}
-					return data;
+					return htmlEncode(data || '');
 				},
 				"targets": 11,
-			},
+			}
 			{
 				"render": function(data, type, row) {
 					if (data) {