

Guard against Xss in Redirect.cshtml using signin-redirect.js
alexhiggins732 committed Feb 14, 2024
1 parent 593c3cb commit 1c05069
Showing 17 changed files with 63 additions and 32 deletions.
1 change: 1 addition & 0 deletions samples/Directory.Build.props
Expand Up @@ -12,6 +12,7 @@
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="HigginsSoft.IdentityServer8" Version="$(IdentityServerVersion)" />
<PackageVersion Include="HigginsSoft.IdentityServer8.Security" Version="$(IdentityServerVersion)" />
<PackageVersion Include="HigginsSoft.IdentityServer8.AspNetIdentity" Version="$(IdentityServerVersion)" />
<PackageVersion Include="HigginsSoft.IdentityServer8.EntityFramework" Version="$(IdentityServerVersion)" />
</ItemGroup>
@@ -1,6 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<Project Sdk="Microsoft.NET.Sdk.Web">
<ItemGroup>
<PackageReference Include="HigginsSoft.IdentityServer8" />
<PackageReference Include="HigginsSoft.IdentityServer8.Security" />
<PackageReference Include="Microsoft.Web.LibraryManager.Build" />
<PackageReference Include="Serilog.AspNetCore" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.Google" />
@@ -1,5 +1,5 @@
@model RedirectViewModel

@using Microsoft.DependencyInjection.Extensions;
<div class="redirect-page">
<div class="lead">
<h1>You are now being returned to the application</h1>
Expand All @@ -8,4 +8,7 @@
</div>

<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl">
<script src="~/js/signin-redirect.js"></script>
<script>
var url = '@Ioc.Sanitizer.Url.Sanitize(Model.RedirectUrl)';
window.location.href = url;
</script>
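Review bot: The new inline script at the end of this hunk emits the sanitized URL through a Razor `@` expression, which applies HTML encoding, while the value is consumed as a JavaScript string literal; browsers do not decode entities inside `<script>`, so unless `Url.Sanitize` already percent-encodes `&` and `'`, a return URL carrying several query parameters reaches `window.location.href` with a literal `&amp;` in it. The XSS named in the commit title is a non-web scheme being assigned to `location.href`, which is navigated rather than neutralized by HTML encoding in both the old `data-url` path and the new one; the check that matters is that the value is a permitted destination (a local return URL or a registered redirect URI, with an expected scheme) and that should be established before the view renders — `IUrlSanitizer.Sanitize` is not visible here, so whether it rejects such schemes needs confirming. The previous pattern (`data-url` attribute read by the external `signin-redirect.js`) was the safer rendering choice: attribute encoding is decoded by `getAttribute`, and no inline script is needed under a CSP that does not allow `'unsafe-inline'`. If the inline script is kept, emit the value with a JavaScript-safe encoder, e.g. `var url = @Json.Serialize(Model.RedirectUrl);`, after the destination check; the same applies to every other Redirect.cshtml section in this commit, including the ones whose file header is not shown.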
@@ -1 +1 @@
window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
//window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
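Review bot: Commenting out the only statement leaves `signin-redirect.js` deployed as an empty script, while the `data-url` attribute it read stays in the view with nothing consuming it. Either delete the file and the attribute together, or keep this file as the redirect mechanism (it is the variant that works without inline script under a CSP) and remove the inline `<script>` from the view instead. The same applies to the other `signin-redirect.js` sections in this commit.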
@@ -1,5 +1,5 @@
@model RedirectViewModel

@using Microsoft.DependencyInjection.Extensions;
<div class="redirect-page">
<div class="lead">
<h1>You are now being returned to the application</h1>
Expand All @@ -8,4 +8,8 @@
</div>

<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl">
<script src="~/js/signin-redirect.js"></script>
<script>
var url = '@Ioc.Sanitizer.Url.Sanitize(Model.RedirectUrl)';
window.location.href = url;
</script>

@@ -1 +1 @@
window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
//window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
@@ -1,5 +1,5 @@
@model RedirectViewModel

@using Microsoft.DependencyInjection.Extensions;
<div class="redirect-page">
<div class="lead">
<h1>You are now being returned to the application</h1>
Expand All @@ -8,4 +8,7 @@
</div>

<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl">
<script src="~/js/signin-redirect.js"></script>
<script>
var url = '@Ioc.Sanitizer.Url.Sanitize(Model.RedirectUrl)';
window.location.href = url;
</script>
@@ -1 +1 @@
window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
// window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
@@ -1,5 +1,5 @@
@model RedirectViewModel

@using Microsoft.DependencyInjection.Extensions;
<div class="redirect-page">
<div class="lead">
<h1>You are now being returned to the application</h1>
Expand All @@ -8,4 +8,7 @@
</div>

<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl">
<script src="~/js/signin-redirect.js"></script>
<script>
var url = '@Ioc.Sanitizer.Url.Sanitize(Model.RedirectUrl)';
window.location.href = url;
</script>
@@ -1 +1 @@
window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
// window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
@@ -1,5 +1,5 @@
@model RedirectViewModel

@using Microsoft.DependencyInjection.Extensions;
<div class="redirect-page">
<div class="lead">
<h1>You are now being returned to the application</h1>
Expand All @@ -8,4 +8,7 @@
</div>

<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl">
<script src="~/js/signin-redirect.js"></script>
<script>
var url = '@Ioc.Sanitizer.Url.Sanitize(Model.RedirectUrl)';
window.location.href = url;
</script>
@@ -1 +1 @@
window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
// window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
9 changes: 6 additions & 3 deletions src/AspNetIdentity/host/Views/Shared/Redirect.cshtml
@@ -1,11 +1,14 @@
@model RedirectViewModel

@using Microsoft.DependencyInjection.Extensions;
<div class="redirect-page">
<div class="lead">
<h1>You are now being returned to the application</h1>
<p>Once complete, you may close this tab.</p>
</div>
</div>

<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl">
<script src="~/js/signin-redirect.js"></script>
<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl.SantizeForRedirect()">
<script>
var url = '@Model.RedirectUrl.SanitizeForUrl()';
window.location.href = url;
</script>
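Review bot: The `<meta http-equiv="refresh">` line still navigates with the raw `@Model.RedirectUrl` in `content=`, and only the `data-url` attribute — whose only reader, `signin-redirect.js`, is disabled by this same commit — gets `SantizeForRedirect()`, so the sanitizer is applied to a dead attribute while the refresh fires with the untouched value. If the meta refresh is meant to stay and every navigation target is meant to be sanitized, its `content` value needs the same treatment as the JavaScript path, `content="0;url=@Model.RedirectUrl.SanitizeForUrl()"`, and the unused `data-url` attribute can be dropped. Note also that `SantizeForRedirect()` (Sanitizer.cs in this commit) percent-encodes the whole value, so it cannot produce a usable URL in either attribute, and that this view differs from the other Redirect.cshtml sections, which use `SanitizeForUrl()` or `Ioc.Sanitizer.Url.Sanitize` throughout.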
2 changes: 1 addition & 1 deletion src/AspNetIdentity/host/wwwroot/js/signin-redirect.js
@@ -1 +1 @@
window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
//window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
7 changes: 5 additions & 2 deletions src/IdentityServer8/host/Views/Shared/Redirect.cshtml
@@ -1,5 +1,5 @@
@model RedirectViewModel

@using Microsoft.DependencyInjection.Extensions;
<div class="redirect-page">
<div class="lead">
<h1>You are now being returned to the application</h1>
Expand All @@ -8,4 +8,7 @@
</div>

<meta http-equiv="refresh" content="0;url=@Model.RedirectUrl" data-url="@Model.RedirectUrl">
<script src="~/js/signin-redirect.js"></script>
<script>
var url = '@Model.RedirectUrl.SanitizeForUrl()';
window.location.href = url;
</script>
2 changes: 1 addition & 1 deletion src/IdentityServer8/host/wwwroot/js/signin-redirect.js
@@ -1 +1 @@
window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
//window.location.href = document.querySelector("meta[http-equiv=refresh]").getAttribute("data-url");
25 changes: 16 additions & 9 deletions src/Security/IdentityServer8.Security/Sanitizer.cs
Expand Up @@ -327,7 +327,7 @@ public Sanitizer(ISanitizerFactory sanitizerFactory)
Log = sanitizerFactory.Create<ILogSanitizer>();
}


public IHtmlSanitizer Html { get; }
public IXmlSanitizer Xml { get; }
public IJsonSanitizer Json { get; }
Expand Down Expand Up @@ -371,46 +371,53 @@ public static IServiceCollection AddSanitizers(this IServiceCollection services)
return Ioc.Sanitizer.Log.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForHtml(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForHtml(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Html.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForXml(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForXml(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Xml.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForJson(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForJson(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Json.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForUrl(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForUrl(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Url.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForCss(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForCss(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Css.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForScript(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForScript(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Script.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForStyle(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForStyle(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Style.Sanitize(input?.ToString(), mode);
}

public static string? SanitizeForSql(object? input, SanitizerMode mode = SanitizerMode.Clean)
public static string? SanitizeForSql(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
return Ioc.Sanitizer.Sql.Sanitize(input?.ToString(), mode);
}

public static string? SantizeForRedirect(this object? input, SanitizerMode mode = SanitizerMode.Clean)
{
var decoded = Uri.UnescapeDataString(input?.ToString() ?? "");
decoded.SanitizeForHtml();
var escaped = Uri.EscapeDataString(decoded);
return escaped;
}
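Review bot: In `SantizeForRedirect` the call `decoded.SanitizeForHtml();` discards its return value, so it has no effect on what the method returns, and the method reduces to `Uri.EscapeDataString(Uri.UnescapeDataString(input))`. `Uri.EscapeDataString` percent-encodes `:`, `/`, `?` and `=` along with everything else, so an absolute or root-relative URL comes back as a single opaque path segment (`https://…` becomes `https%3A%2F%2F…`) that no longer navigates to the intended destination; the `SanitizeFor*` siblings above all delegate to `Ioc.Sanitizer` and pass `mode`, while this one ignores `mode` entirely. For a redirect target the meaningful check is whether the value is a permitted destination (expected scheme and, where applicable, a registered redirect URI), and per-context encoding belongs to the view; unless that validation is what this method ends up doing, it should be dropped from the commit rather than shipped. In any case the name should be `SanitizeForRedirect` to match its siblings, which means renaming the call in `src/AspNetIdentity/host/Views/Shared/Redirect.cshtml` as well, and an XML `<summary>` stating what the method guarantees about its output would help callers. The enclosing static class begins above this hunk.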

}

