Merge pull request #462 from korpd/fix-xss-461
Fix reflected XSS in 'key' parameter. Fixes #461
petrsloup committed Jul 2, 2020
2 parents a5a8ae1 + 10431d7 commit f8563e1
Showing 3 changed files with 5 additions and 5 deletions.
2 changes: 1 addition & 1 deletion src/serve_style.js
Expand Up @@ -17,7 +17,7 @@ const fixUrl = (req, url, publicUrl, opt_nokey) => {
}
const queryParams = [];
if (!opt_nokey && req.query.key) {
queryParams.unshift(`key=${req.query.key}`);
queryParams.unshift(`key=${encodeURIComponent(req.query.key)}`);
}
let query = '';
if (queryParams.length) {
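Review bot: The new line `queryParams.unshift(\`key=${encodeURIComponent(req.query.key)}\`);` still assumes `req.query.key` is a string, but Express's default query parser also yields arrays or objects for inputs such as `?key=a&key=b` or `?key[x]=y`, which `encodeURIComponent` coerces to `a%2Cb` or `%5Bobject%20Object%5D` — harmless for the XSS, but a silently bogus key. Narrowing the accepted shape makes the intent explicit: `const key = typeof req.query.key === 'string' ? req.query.key : '';` then `if (!opt_nokey && key) {` and `queryParams.unshift(\`key=${encodeURIComponent(key)}\`);`. Since `queryParams` is later joined into a URL outside this hunk, `new URLSearchParams(...)` would also build and encode the query in one step. fixUrl's signature is only in the hunk header, so the function starts before the hunk and its body continues past it.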
6 changes: 3 additions & 3 deletions src/server.js
Expand Up @@ -243,7 +243,7 @@ function start(opts) {

app.get('/styles.json', (req, res, next) => {
const result = [];
const query = req.query.key ? (`?key=${req.query.key}`) : '';
const query = req.query.key ? (`?key=${encodeURIComponent(req.query.key)}`) : '';
for (const id of Object.keys(serving.styles)) {
const styleJSON = serving.styles[id].styleJSON;
result.push({
Expand Down Expand Up @@ -319,8 +319,8 @@ function start(opts) {
data['public_url'] = opts.publicUrl || '/';
data['is_light'] = isLight;
data['key_query_part'] =
req.query.key ? `key=${req.query.key}&` : '';
data['key_query'] = req.query.key ? `?key=${req.query.key}` : '';
req.query.key ? `key=${encodeURIComponent(req.query.key)}&` : '';
data['key_query'] = req.query.key ? `?key=${encodeURIComponent(req.query.key)}` : '';
if (template === 'wmts') res.set('Content-Type', 'text/xml');
return res.status(200).send(compiled(data));
});
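Review bot: `encodeURIComponent` is URL percent-encoding, not HTML or XML escaping, so the new `key_query_part` and `key_query` values built on `req.query.key ? \`key=${encodeURIComponent(req.query.key)}&\` : ''` still carry `'`, `(`, `)`, `!`, `*` and `~` verbatim; that is sufficient only if the template rendered by `compiled(data)` places them where those characters are inert (a double-quoted attribute or URL position) or the template engine escapes by context, neither of which is visible here. Worth confirming against the templates, including the `wmts` one served as `text/xml`, and recording the contract next to the assignment, e.g. `// URL-encoded only: the template must still escape for its HTML/XML context`. The same `encodeURIComponent(req.query.key)` expression is now repeated at five sites across three files; a single helper in utils.js (e.g. `keyQueryParam(req)`) would keep future call sites from regressing. `start()` encloses both hunks and begins and ends outside this section.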
2 changes: 1 addition & 1 deletion src/utils.js
Expand Up @@ -40,7 +40,7 @@ module.exports.getTileUrls = (req, domains, path, format, publicUrl, aliases) =>
const key = req.query.key;
const queryParams = [];
if (req.query.key) {
queryParams.push(`key=${req.query.key}`);
queryParams.push(`key=${encodeURIComponent(req.query.key)}`);
}
if (req.query.style) {
queryParams.push(`style=${req.query.style}`);
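Review bot: The `style` parameter two lines below the fix, `queryParams.push(\`style=${req.query.style}\`);`, is still interpolated raw into the same query string that `key` was, so if the sink that reflected `key` is reachable it reflects `style` too; it should be encoded the same way: `queryParams.push(\`style=${encodeURIComponent(req.query.style)}\`);`. The local `const key = req.query.key;` at the top of the hunk is not used in the visible lines, which re-read `req.query.key` instead; if it is used further down, reusing it in the new line would avoid reading the query twice. getTileUrls's signature appears only in the hunk header and its body continues past this section.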
