
Commit f33a42f

madhuracjnijel
authored andcommitted
Fix XSS in normalization.js
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
1 parent b3d36dc commit f33a42f


2 files changed

+19
-1
lines changed


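--- a/js/functions.js
+++ b/js/functions.js
@@ -243,6 +243,24 @@ function escapeHtml(unsafe) {
 }
 }
 
+function escapeJsString(unsafe) {
+if (typeof(unsafe) != 'undefined') {
+return unsafe
+.toString()
+.replace("\000", '')
+.replace('\\', '\\\\')
+.replace('\'', '\\\'')
+.replace("&#039;", "\\\&#039;")
+.replace('"', '\"')
+.replace("&quot;", "\&quot;")
+.replace("\n", '\n')
+.replace("\r", '\r')
+.replace(/<\/script/gi, '</\' + \'script')
+} else {
+return false;
+}
+}
+
 function PMA_sprintf() {
 return sprintf.apply(this, arguments);
 }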
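Review bot: Every string-pattern `.replace()` in escapeJsString replaces only the first occurrence, so a value containing two quotes (two `&#039;` after escapeHtml), two backslashes or two NUL bytes has only the first one neutralised and the second still terminates the JS string literal inside the `onclick` attribute in normalization.js; the XSS is narrowed, not closed. Several of the replacements are also no-ops because the replacement literal evaluates to the same character as the pattern: `'\"'` is just `"`, `'\n'` and `'\r'` are the raw control characters, and `"\&quot;"` is `&quot;`, so a double quote or newline in a non-entity-encoded input is passed through unchanged. Only the `</script` replacement uses a global regex today; the rest should as well, with the backslash doubled in the replacement strings so an actual `\` is emitted. Note too that `typeof null` is `'object'`, so a null argument reaches `.toString()` and throws; `unsafe == null` would be the guard if callers can pass null, but I cannot see the callers.
```javascript
function escapeJsString(unsafe) {
    if (typeof(unsafe) != 'undefined') {
        return unsafe
            .toString()
            .replace(/\0/g, '')
            .replace(/\\/g, '\\\\')
            .replace(/'/g, '\\\'')
            .replace(/&#039;/g, '\\&#039;')
            .replace(/"/g, '\\"')
            .replace(/&quot;/g, '\\&quot;')
            .replace(/\n/g, '\\n')
            .replace(/\r/g, '\\r')
            .replace(/<\/script/gi, '</\' + \'script');
    // … unchanged: else branch returning false …
```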

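--- a/js/normalization.js
+++ b/js/normalization.js
@@ -638,7 +638,7 @@ AJAX.registerOnload('normalization.js', function() {
 '</ol>';
 $("#newCols").html(confirmStr);
 $('.tblFooters').html('<input type="submit" value="' + PMA_messages.strCancel + '" onclick="$(\'#newCols\').html(\'\');$(\'#extra input[type=checkbox]\').removeAttr(\'checked\')"/>' +
-'<input type="submit" value="' + PMA_messages.strGo + '" onclick="moveRepeatingGroup(\'' + repeatingCols + '\')"/>');
+'<input type="submit" value="' + PMA_messages.strGo + '" onclick="moveRepeatingGroup(\'' + escapeJsString(escapeHtml(repeatingCols)) + '\')"/>');
 }
 });
 $("#mainContent p").on("click", "#createPrimaryKey", function(event) {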
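Review bot: The new line still pushes repeatingCols through an inline `onclick` attribute assembled by string concatenation, which is why it needs two escaping layers (HTML entity, then JS string) and is only as safe as escapeJsString's handling of every `&#039;` and `\` in the value; one missed occurrence re-opens the injection. Binding the handler with jQuery removes the attribute and the double escaping entirely: emit the button as `'<input type="submit" value="' + PMA_messages.strGo + '" id="moveRepeatingGroupBtn"/>'` and then attach `$('#moveRepeatingGroupBtn').on('click', function () { moveRepeatingGroup(repeatingCols); });`, assuming `.tblFooters` matches a single element so the id stays unique. PMA_messages.strGo and strCancel are also concatenated into attribute values unescaped; they are presumably server-provided translations, but running them through escapeHtml costs nothing. The enclosing AJAX.registerOnload callback starts and ends outside this hunk.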
