A couple of potential security fixes. Stop using innerHTML when build…
…ing the EXIF preview, in theory someone could add malicious EXIF data and trigger XSS. Also, use JSON.parse instead of eval() to protect against MITM attacks.
dpup committed Nov 4, 2009
1 parent 084b39c commit 08875dd
Showing 3 changed files with 24 additions and 11 deletions.
2 changes: 1 addition & 1 deletion fittr-flickr/api_relay.html
Expand Up @@ -54,7 +54,7 @@
var status = xhr.status;
var response, err = '';
try {
response = eval('(' + xhr.responseText + ')');
response = JSON.parse(xhr.responseText);
} catch (e) {
status = -1;
err = e.message;
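Review bot: On a browser without a native `JSON` object, `JSON.parse` at the new line throws a ReferenceError that the catch below reports as `status = -1` with `err` set to the engine's "JSON is not defined" text, indistinguishable from a malformed response; whether the extension still targets such browsers is not visible here. A one-line guard inside the try, `if (typeof JSON === 'undefined') throw new Error('No native JSON parser available');`, at least makes that case report itself honestly. The commit message frames this as MITM protection, but what the change actually removes is the execution of whatever arrives in `responseText` as script, whoever controlled it — it does not authenticate the response — so a comment such as `// JSON.parse only parses: a non-JSON body lands in the catch instead of running as code` would set the right expectation for the next reader. The enclosing handler starts and ends outside the hunk.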
27 changes: 19 additions & 8 deletions fittr-flickr/features/easy-exif.js
Expand Up @@ -65,24 +65,35 @@ var exif = (function() {
link.parentNode.parentNode.insertBefore(el, link.parentNode.nextSibling);

api.makeApiRequest(api.RequestType.GET_EXIF, {photo_id: page.getPhotoId()}, function(data) {
el.innerHTML = '';
if (data.status == 200 && data.content.stat == 'ok') {
var html = '<table class="fittr-exif-table">';
var table = createEl('table', 'fittr-exif-table');
var seen = {};
for (var i = 0; i < data.content.photo.exif.length; i++) {
var item = data.content.photo.exif[i];
if (item.tag in EXIF_TAG_WHITELIST && !(item.tag in seen)) {
seen[item.tag] = 1;
var value = item.clean ? item.clean._content : item.raw._content;
html += '<tr><td>' + item.label + '</td><td>' + value + '</td></tr>';
var tr = createEl('tr');
var td1 = createEl('td');
td1.appendChild(createText(item.label));
tr.appendChild(td1);
var td2 = createEl('td');
td2.appendChild(createText(value));
tr.appendChild(td2);
table.appendChild(tr);
}
}
html += '</table>';
el.innerHTML = html;
} else if (data.status == 200 && data.content.stat == 'fail') {
el.innerHTML = '<i>Error loading EXIF : ' + data.content.message + '</i>';
el.appendChild(table);
} else {
el.innerHTML = '<i>Error loading EXIF.</i>';
}
var error = createEl('i');
if (data.status == 200 && data.content.stat == 'fail') {
error.appendChild(createText('Error loading EXIF : ' + data.content.message));
} else {
error.appendChild(createText('Error loading EXIF, status: ' + data.status));
}
el.appendChild(error);
}
el.style.height = el.scrollHeight + 'px';
});
}
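Review bot: The new code no longer clears `el` before appending — the rendered diff does not mark sides, but `el.innerHTML = ''` appears only once with no replacement, so if it was removed any placeholder the element already holds stays next to the new table or error node, and a repeated request would stack results. A one-line `while (el.firstChild) el.removeChild(el.firstChild);` before the `if` restores the old clearing without going back through innerHTML. Separately, `createText(value)` at the new `td2` line renders a missing `_content` as the literal text "undefined"; `td2.appendChild(createText(value == null ? '' : String(value)));` keeps the cell empty instead (the `value` line itself is context, so this only concerns what the new code does with it). The callback's enclosing function and the `exif` IIFE begin and end outside the hunk.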
6 changes: 4 additions & 2 deletions fittr-flickr/utils/dom.js
Expand Up @@ -22,8 +22,10 @@ function createText(txt) {
return document.createTextNode(txt);
}

function createEl(el) {
return document.createElement(el);
function createEl(el, opt_className) {
var el = document.createElement(el);
if (opt_className) el.className = opt_className;
return el;
}

function getEl(id) {
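Review bot: In the new `createEl`, `var el = document.createElement(el);` redeclares the parameter: it works only because `var` hoisting makes the redeclaration a no-op and the parameter value is read before the assignment, which is easy to misread as a bug and would break if someone later reorders the line. Rename the local instead, `var node = document.createElement(el);` / `if (opt_className) node.className = opt_className;` / `return node;`. A JSDoc header stating that `el` is a tag name and that `opt_className` is optional and applied verbatim would also help, since the `opt_` prefix is the only hint. The function is complete within the hunk.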
