Fix XSS issue with data retrieved via RIPE REST for AS objects

Thanks to Cynthia Revström for reporting this.
inex · Mar 8, 2019 · d3b8a54 · d3b8a54
1 parent 0a2b28a
commit d3b8a54
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 15 deletions.
diff --git a/public/css/ixp-manager.css b/public/css/ixp-manager.css
@@ -710,10 +710,12 @@ td a:hover{
 
 .asn-table{
     margin-left: 30px;
+    font-family: 'Courier New', Courier, monospace;
 }
 
 .asn-table tr td{
-    padding : 4px;
+    padding : 1px;
+    padding-left: 5px;
 }
 
 .scrollable-dropdown {

diff --git a/public/js/ixp-manager.js b/public/js/ixp-manager.js
@@ -147,6 +147,20 @@ function ixpRandomString( length = 12 ) {
 }
 
 
+/**
+ * Equivalent of PHP's htmlentities()
+ * @param str
+ * @returns {string}
+ */
+function htmlEntities(str) {
+    return String(str).replace(/&/g, '&amp;')
+                        .replace(/</g, '&lt;')
+                        .replace(/>/g, '&gt;')
+                        .replace(/"/g, '&quot;')
+                        .replace(/'/g, '&quot;');
+}
+
+
 /**
  * Replaces an AS  Number with some JS magic to invoke a BootBox.
  *
@@ -162,21 +176,8 @@ function ixpAsnumber( asNumber ) {
             $.each(data, function (i, info) {
                 datas += `<tr><td>${info.name}:</td><td>`;
 
-                if (info.link !== undefined) {
-                    let link = info.link;
-                    if (!link.includes(".json")) {
-                        link = link + ".json";
-                    }
-
-                    datas += ` <a target="_blank" href="${link}">${info.value}<a/>`;
-                } else {
-                    datas += `${info.value}`;
-                }
+                datas += htmlEntities( info.value );
 
-                if (info.comment !== undefined) {
-                    datas += ` # ${info.comment}`;
-
-                }
                 datas += `</td>`;
             });