From fc5b8d919cfa23b909587b58a26035c7b4b272ac Mon Sep 17 00:00:00 2001
From: "Gabriel SAILLARD (GitSquared)"
Date: Tue, 30 Apr 2019 21:37:04 +0200
Subject: [PATCH] :lock: [SECURITY] Fix XSS vulnerability in mod_netstat

If you're reading this, you might be worried. An attacker would have also needed to spoof your DNS records and your SSL root certificate store to succesfully inject code into your client. If still believe you might be at risk, shoot me an email: gabriel@saillard.dev
---
 src/classes/netstat.class.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/classes/netstat.class.js b/src/classes/netstat.class.js
index 23a19aff..67e1c20e 100644
--- a/src/classes/netstat.class.js
+++ b/src/classes/netstat.class.js
@@ -100,7 +100,7 @@ class Netstat {
 delete this.ipinfo.api_version;
 delete this.ipinfo.time;
 let ip = this.ipinfo.ip;
- document.querySelector("#mod_netstat_innercontainer > div:nth-child(2) > h2").innerHTML = ip;
+ document.querySelector("#mod_netstat_innercontainer > div:nth-child(2) > h2").innerHTML = window._escapeHtml(ip);
 } catch(e) {
 console.warn(e);
 console.info(rawData.toString());
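Review bot: The added line still writes API-supplied data through `innerHTML` and relies on a global helper, `window._escapeHtml`, whose definition is not in this hunk, so whether it escapes every character that matters in this context (quotes as well as angle brackets) cannot be confirmed here. Since the `h2` only ever receives a plain string, assigning text instead of markup removes the need to escape at all and the dependency on that helper: `document.querySelector("#mod_netstat_innercontainer > div:nth-child(2) > h2").textContent = ip;`. If other fields of `this.ipinfo` are rendered the same way elsewhere in the class, they presumably need the same treatment; a short comment above the line such as `// ip comes from an external API response — never insert it as HTML` would record the intent for the next edit. The enclosing try/catch and method begin and end outside this hunk.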