Skip to content

Commit 4b932e8

Browse files
committed
(Fix: Database) fix #151 (thx @miaochiahao)
1 parent e523096 commit 4b932e8

File tree

5 files changed

+5
-4
lines changed

5 files changed

+5
-4
lines changed

Diff for: CHANGELOG.md

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
## `v(2.0.7.3)
55

66
* 主窗口增加 CSP 策略
7+
* Fix self-xss in database config #151 (thx @miaochiahao)
78

89
## `v(2.0.7.2)`
910

Diff for: source/modules/database/asp/index.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -139,7 +139,7 @@ class ASP {
139139
items.push({
140140
id: `conn::${_}`,
141141
// text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
142-
text: conf[_]['type'].toUpperCase(),
142+
text: antSword.noxss(conf[_]['type'].toUpperCase()),
143143
im0: this.manager.list.imgs[0],
144144
im1: this.manager.list.imgs[0],
145145
im2: this.manager.list.imgs[0]

Diff for: source/modules/database/custom/index.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -124,7 +124,7 @@ class CUSTOM {
124124
items.push({
125125
id: `conn::${_}`,
126126
// text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
127-
text: conf[_]['type'].toUpperCase(),
127+
text: antSword.noxss(conf[_]['type'].toUpperCase()),
128128
im0: this.manager.list.imgs[0],
129129
im1: this.manager.list.imgs[0],
130130
im2: this.manager.list.imgs[0]

Diff for: source/modules/database/index.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -251,7 +251,7 @@ class Database {
251251
data_arr.push({
252252
id: i+1,
253253
data: [
254-
func_mapping.hasOwnProperty(item[0]) ? func_mapping[item[0]] : item[0],
254+
func_mapping.hasOwnProperty(item[0]) ? func_mapping[item[0]] : antSword.noxss(item[0]),
255255
parseInt(item[1]) === 1 ? "√" : "×",
256256
],
257257
style: parseInt(item[1]) === 1 ? "background-color:#ADF1B9": "",

Diff for: source/modules/database/php/index.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -288,7 +288,7 @@ class PHP {
288288
for (let _ in conf) {
289289
items.push({
290290
id: `conn::${_}`,
291-
text: `${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`,
291+
text: antSword.noxss(`${conf[_]['type']}:\/\/${conf[_]['user']}@${conf[_]['host']}`),
292292
im0: this.manager.list.imgs[0],
293293
im1: this.manager.list.imgs[0],
294294
im2: this.manager.list.imgs[0]

0 commit comments

Comments
 (0)