
fix for xss
kvhnuke committed Mar 13, 2018
1 parent 84770c2 commit 093af73
Showing 7 changed files with 2,245 additions and 27 deletions.
2 changes: 1 addition & 1 deletion app/scripts/controllers/tabsCtrl.js
Expand Up @@ -99,7 +99,7 @@ var tabsCtrl = function($scope, globalService, $translate, $sce) {
$scope.notifier.danger(globalFuncs.errorMsgs[32]);
} else {
$scope.nodeIsConnected = true;
$scope.notifier.info( globalFuncs.successMsgs[5] + '<br /> URL: <strong>' + window.location.href + '</strong> <br /> Network: <strong>' + $scope.nodeType + ' </strong> provided by <strong>' + $scope.nodeService + '</strong>', 10000)
$scope.notifier.info( globalFuncs.successMsgs[5] + '<br /> URL: <strong>' + globalFuncs.stripTags(window.location.href) + '</strong> <br /> Network: <strong>' + $scope.nodeType + ' </strong> provided by <strong>' + $scope.nodeService + '</strong>', 10000)
}
});
networkHasChanged && window.setTimeout(function() {
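Review bot: `$scope.nodeType` and `$scope.nodeService` on the new notifier line are still concatenated into the markup unescaped, so the fix covers only `window.location.href`. If either value can originate from user input (custom node definitions, for example), it is the same HTML-injection sink this commit addresses and should be wrapped the same way: `globalFuncs.stripTags($scope.nodeType)` and `globalFuncs.stripTags($scope.nodeService)`. Whether the notifier renders its argument as trusted HTML is not visible in this hunk, though the `$sce` injection on the controller suggests it does. tabsCtrl's body starts and ends outside the hunk.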
6 changes: 1 addition & 5 deletions app/scripts/globalFuncs.js
Expand Up @@ -163,11 +163,7 @@ globalFuncs.urlGet = function(name) {
if (name = (new RegExp('[?&]' + encodeURIComponent(name) + '=([^&]*)')).exec(location.search.toLowerCase())) return this.stripTags(decodeURIComponent(name[1]));
};
globalFuncs.stripTags = function(str) {
var SCRIPT_REGEX = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;
while (SCRIPT_REGEX.test(str)) {
str = str.replace(SCRIPT_REGEX, "");
}
return str;
return xssFilters.inHTMLData(str);
};
globalFuncs.checkAndRedirectHTTPS = function() {
var host = "myetherwallet.com";
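Review bot: `stripTags` now escapes instead of stripping, and `xssFilters.inHTMLData` is a context-specific filter for HTML text nodes (documented by xss-filters as minimal escaping for that context), so its output is only safe when concatenated between tags; neither the legacy name nor a doc comment conveys that, and `urlGet` just above returns the escaped value to any caller, which may place it in an attribute or treat it as plain data where entity-encoded output is wrong. Suggested header: `/** Escapes str for an HTML text-node context only (xss-filters inHTMLData); nothing is removed despite the name. Not safe for attribute, URL or script contexts. */`. The bare `xssFilters` identifier also depends on main.js having assigned `window.xssFilters` before this file executes; if globalFuncs.js is part of the same bundle, requiring the module here would remove that load-order dependency. `checkAndRedirectHTTPS` continues past the end of the hunk.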
2 changes: 2 additions & 0 deletions app/scripts/main.js
Expand Up @@ -10,6 +10,8 @@ var angularSanitize = require('angular-sanitize');
var angularAnimate = require('angular-animate');
var bip39 = require('bip39');
var HDKey = require('hdkey');
var xssFilters = require('xss-filters');
window.xssFilters = xssFilters;
window.hd = { bip39: bip39, HDKey: HDKey };
var BigNumber = require('bignumber.js');
window.BigNumber = BigNumber;
1,127 changes: 1,117 additions & 10 deletions chrome-extension/js/etherwallet-master.js


1,127 changes: 1,117 additions & 10 deletions dist/js/etherwallet-master.js


5 changes: 5 additions & 0 deletions package-lock.json


3 changes: 2 additions & 1 deletion package.json
Expand Up @@ -65,6 +65,7 @@
"npm": "^4.5.0",
"run-sequence": "^1.2.2",
"vinyl-buffer": "^1.0.0",
"vinyl-source-stream": "^1.1.0"
"vinyl-source-stream": "^1.1.0",
"xss-filters": "^1.2.7"
}
}
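Review bot: `"xss-filters": "^1.2.7"` is a floating range for a library that is now the only escaping step in front of the notifier output, so a fresh install without the lockfile could pull a different release into the built bundle. The package-lock.json change in this commit pins it only where the lockfile is honoured; consider pinning the exact version, `"xss-filters": "1.2.7"`, and checking that the lockfile entry carries an integrity hash for the published tarball. The dependency is placed alongside the build tooling (run-sequence, vinyl-*), which presumably is the devDependencies group; that works because the module is bundled at build time, but it is worth a comment in the build notes that this dev-time package ships as runtime security code.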
