Fix XSS in normalization.js
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj authored and nijel committed Feb 25, 2016
1 parent b3d36dc commit f33a42f
Showing 2 changed files with 19 additions and 1 deletion.
18 changes: 18 additions & 0 deletions js/functions.js
Expand Up @@ -243,6 +243,24 @@ function escapeHtml(unsafe) {
}
}

function escapeJsString(unsafe) {
if (typeof(unsafe) != 'undefined') {
return unsafe
.toString()
.replace("\000", '')
.replace('\\', '\\\\')
.replace('\'', '\\\'')
.replace("&#039;", "\\\&#039;")
.replace('"', '\"')
.replace("&quot;", "\&quot;")
.replace("\n", '\n')
.replace("\r", '\r')
.replace(/<\/script/gi, '</\' + \'script')
} else {
return false;
}
}

function PMA_sprintf() {
return sprintf.apply(this, arguments);
}
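Review bot: Every string-pattern `.replace()` in the new escapeJsString replaces only the first occurrence, so a value containing two quotes or two backslashes is only partially escaped and the second one still terminates the surrounding JS string literal in the onclick attribute this helper is used for. The replacement strings `'\"'`, `"\&quot;"`, `'\n'` and `'\r'` also evaluate to exactly the text they replace, so those four calls are no-ops; presumably literal backslash sequences (`'\\"'`, `'\\n'`, `'\\r'`) were intended. Switching each pattern to a regex with the `g` flag and fixing the replacement escapes makes the helper escape all occurrences, as in the fence. The octal escape `"\000"` would also be rejected if this file were ever put under strict mode; `/\0/g` matches the same NUL character without that problem.
```javascript
function escapeJsString(unsafe) {
    if (typeof(unsafe) != 'undefined') {
        return unsafe
            .toString()
            .replace(/\0/g, '')
            .replace(/\\/g, '\\\\')
            .replace(/'/g, '\\\'')
            .replace(/&#039;/g, '\\&#039;')
            .replace(/"/g, '\\"')
            .replace(/&quot;/g, '\\&quot;')
            .replace(/\n/g, '\\n')
            .replace(/\r/g, '\\r')
            .replace(/<\/script/gi, '</\' + \'script');
    } else {
        return false;
    }
}
```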
2 changes: 1 addition & 1 deletion js/normalization.js
Expand Up @@ -638,7 +638,7 @@ AJAX.registerOnload('normalization.js', function() {
'</ol>';
$("#newCols").html(confirmStr);
$('.tblFooters').html('<input type="submit" value="' + PMA_messages.strCancel + '" onclick="$(\'#newCols\').html(\'\');$(\'#extra input[type=checkbox]\').removeAttr(\'checked\')"/>' +
'<input type="submit" value="' + PMA_messages.strGo + '" onclick="moveRepeatingGroup(\'' + repeatingCols + '\')"/>');
'<input type="submit" value="' + PMA_messages.strGo + '" onclick="moveRepeatingGroup(\'' + escapeJsString(escapeHtml(repeatingCols)) + '\')"/>');
}
});
$("#mainContent p").on("click", "#createPrimaryKey", function(event) {
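Review bot: The new line still builds the click handler as source text inside an HTML attribute, so `repeatingCols` must survive two parsers (HTML entity decoding, then the JS string literal), which is why the escaping has to be nested and why escapeJsString needs special cases for `&#039;` and `&quot;`; as written that helper also escapes only the first occurrence of each character, so a value with repeated quotes or backslashes is not fully protected. A more robust form needs no escaping at all: create the buttons as elements and bind the handler with a closure over `repeatingCols`, as in the fence. The same applies to `PMA_messages.strCancel` and `PMA_messages.strGo`, which are concatenated into the `value` attribute unescaped on the unchanged lines above. The enclosing registerOnload callback starts and ends outside the hunk.
```javascript
// … unchanged: $("#newCols").html(confirmStr); …
var cancelBtn = $('<input type="submit"/>').val(PMA_messages.strCancel).on('click', function () {
    $('#newCols').html('');
    $('#extra input[type=checkbox]').removeAttr('checked');
});
var goBtn = $('<input type="submit"/>').val(PMA_messages.strGo).on('click', function () {
    moveRepeatingGroup(repeatingCols);
});
$('.tblFooters').empty().append(cancelBtn, goBtn);
```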

