Fixed: wflow-core - Userview - Fixed XSS issue on key parameter. @7.0-SNAPSHOT
owen-joget committed Aug 29, 2022
1 parent d69ee5f commit ecf8be8
Showing 3 changed files with 14 additions and 13 deletions.
Expand Up @@ -67,7 +67,7 @@ public String embedView(ModelMap map, HttpServletRequest request, HttpServletRes
}

//check for empty key
if (key != null && key.equals(Userview.USERVIEW_KEY_EMPTY_VALUE)) {
if (key == null || (key != null && key.equals(Userview.USERVIEW_KEY_EMPTY_VALUE))) {
key = "";
}

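Review bot: The new condition on the second `if` line still tests `key != null` inside the right-hand operand, which is dead once `key == null` has already short-circuited the `||`; assuming `Userview.USERVIEW_KEY_EMPTY_VALUE` is a String constant, the same null-safety reads as `if (key == null || Userview.USERVIEW_KEY_EMPTY_VALUE.equals(key)) {` with no explicit null guard at all. A one-line comment such as `// fold a missing key and the "empty" sentinel into "" so null never reaches the generated page` would record why null is now handled here, since the commit message only names XSS. embedView's body starts and ends outside this hunk.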
Expand Up @@ -172,6 +172,7 @@ public Userview createUserview(AppDefinition appDef, String json, String menuId,
requestParameters.put("embed", Boolean.toString(embed));
requestParameters.put("appId", appDef.getAppId());
requestParameters.put("appVersion", appDef.getVersion().toString());
requestParameters.put("key", (key != null)?key:"");

String appId = appDef.getId();
String appVersion = appDef.getVersion().toString();
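Review bot: The added `requestParameters.put("key", (key != null)?key:"");` stores the request-supplied key verbatim, so every consumer of requestParameters that renders the value into HTML or JavaScript still has to escape it at that sink; the escaping added elsewhere in this commit covers only the PWA bootstrap script, and nothing in this hunk shows how other readers of the map use the value. It also normalises only null, whereas the embedView change on this same page additionally maps Userview.USERVIEW_KEY_EMPTY_VALUE to "", so if createUserview can be reached with that sentinel the two paths disagree. A comment on the new line, `// raw request value: escape at the sink, never trusted here`, would make that contract explicit to the next reader. createUserview's body starts and ends outside this hunk.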
Expand Up @@ -374,19 +374,19 @@ protected String getInternalJsCssLib(Map<String, Object> data) {
String serviceWorkerUrl = data.get("context_path") + "/web/userview/" + appId + "/" + userviewId + "/"+key+"/serviceworker";
jsCssLink += "<script>$(function() {"
+ "var initPwaUtil = function(){"
+ "PwaUtil.contextPath = '" + data.get("context_path") + "';"
+ "PwaUtil.userviewKey = '" + key + "';"
+ "PwaUtil.homePageLink = '" + data.get("home_page_link") + "';"
+ "PwaUtil.serviceWorkerPath = '" + serviceWorkerUrl + "';"
+ "PwaUtil.subscriptionApiPath = '" + data.get("context_path") + "/web/console/profile/subscription';"
+ "PwaUtil.contextPath = '" + StringUtil.escapeString(data.get("context_path").toString(), StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.userviewKey = '" + StringUtil.escapeString(key, StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.homePageLink = '" + StringUtil.escapeString(data.get("home_page_link").toString(), StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.serviceWorkerPath = '" + StringUtil.escapeString(serviceWorkerUrl, StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.subscriptionApiPath = '" + StringUtil.escapeString(data.get("context_path").toString(), StringUtil.TYPE_JAVASCIPT, null) + "/web/console/profile/subscription';"
+ "PwaUtil.pushEnabled = " + pushEnabled + ";"
+ "PwaUtil.currentUsername = '" + workflowUserManager.getCurrentUsername() + "';"
+ "PwaUtil.onlineNotificationMessage = '" + pwaOnlineNotificationMessage + "';"
+ "PwaUtil.offlineNotificationMessage = '" + pwaOfflineNotificationMessage + "';"
+ "PwaUtil.loginPromptMessage = '" + pwaLoginPromptMessage + "';"
+ "PwaUtil.syncingMessage = '" + pwaSyncingMessage + "';"
+ "PwaUtil.syncFailedMessage = '" + pwaSyncFailedMessage + "';"
+ "PwaUtil.syncSuccessMessage = '" + pwaSyncSuccessMessage + "';"
+ "PwaUtil.currentUsername = '" + StringUtil.escapeString(workflowUserManager.getCurrentUsername(), StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.onlineNotificationMessage = '" + StringUtil.escapeString(pwaOnlineNotificationMessage, StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.offlineNotificationMessage = '" + StringUtil.escapeString(pwaOfflineNotificationMessage, StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.loginPromptMessage = '" + StringUtil.escapeString(pwaLoginPromptMessage, StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.syncingMessage = '" + StringUtil.escapeString(pwaSyncingMessage, StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.syncFailedMessage = '" + StringUtil.escapeString(pwaSyncFailedMessage, StringUtil.TYPE_JAVA, null) + "';"
+ "PwaUtil.syncSuccessMessage = '" + StringUtil.escapeString(pwaSyncSuccessMessage, StringUtil.TYPE_JAVASCIPT, null) + "';"
+ "PwaUtil.isEmbedded = " + isEmbedded + ";"
+ "PwaUtil.register();"
+ "PwaUtil.init();"
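Review bot: The `syncFailedMessage` line uses `StringUtil.TYPE_JAVA` while every neighbouring assignment uses `StringUtil.TYPE_JAVASCIPT`; the value is emitted inside a single-quoted JavaScript literal, and a Java-string escaping mode is not guaranteed to neutralise `'` or `</script>` the way the JavaScript mode on the other lines presumably does, so this looks like a typo that leaves one sink differently protected. It should read `+ "PwaUtil.syncFailedMessage = '" + StringUtil.escapeString(pwaSyncFailedMessage, StringUtil.TYPE_JAVASCIPT, null) + "';"`. Two values, `pushEnabled` and `isEmbedded`, are still concatenated unescaped, which is fine only if they are booleans, and the hunk does not show their types. The `serviceWorkerUrl` built on the first line also embeds appId, userviewId and key as raw path segments, so URL-encoding each segment there would keep a key containing `/` or `?` from altering the service-worker path even though the JavaScript escaping now prevents script breakout. getInternalJsCssLib's body starts and ends outside this hunk.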
