3.0.7
Added purify library to fix potential XSS
nilsteampassnet committed May 2, 2023
1 parent 0c53c20 commit 39b774c
Showing 10 changed files with 4,811 additions and 7 deletions.
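--- a/index.php
+++ b/index.php
@@ -1154,6 +1154,8 @@
 <script type="text/javascript" src="./plugins/icheck/icheck.min.js"></script>
 <!-- bootstrap-add-clear -->
 <script type="text/javascript" src="plugins/bootstrap-add-clear/bootstrap-add-clear.min.js"></script>
+<!-- DOMPurify -->
+<script type="text/javascript" src="plugins/DOMPurify/purify.min.js"></script>
 
 <?php
 $get = [];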
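Review bot: The new `<script>` include vendors DOMPurify without recording which upstream release was copied into plugins/DOMPurify, so there is nothing in the tree to compare against future DOMPurify advisories. Since the library exists specifically to neutralise untrusted HTML, a stale copy is a security-relevant supply-chain gap, not just housekeeping. Suggest recording the version next to the include, e.g. `<!-- DOMPurify <VERSION-PLACEHOLDER> (vendored; update with upstream security releases) -->`, or keeping a version/source note alongside the vendored files. The surrounding script list continues outside the hunk.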
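--- a/pages/items.js.php
+++ b/pages/items.js.php
@@ -2795,30 +2795,30 @@ function(teampassApplication) {
 var data = {
 'anyone_can_modify': $('#form-item-anyoneCanModify').is(':checked') ? 1 : 0,
 'complexity_level': parseInt($('#form-item-password-complex').val()),
-'description': $('#form-item-description').summernote('code') !== "<p><br></p>" ? $('#form-item-description').summernote('code') : '',
+'description': $('#form-item-description').summernote('code') !== "<p><br></p>" ? DOMPurify.sanitize($('#form-item-description').summernote('code'), {USE_PROFILES: {html: true}}) : '',
 'diffusion_list': diffusion,
 'diffusion_list_names': diffusionNames,
 'folder': parseInt($('#form-item-folder').val()),
-'email': $('#form-item-email').val(),
+'email': DOMPurify.sanitize($('#form-item-email').val()),
 'fields': fields,
 'folder_is_personal': store.get('teampassItem').IsPersonalFolder === 1 ? 1 : 0,
 'id': store.get('teampassItem').id,
-'label': $('#form-item-label').val(),
-'login': $('#form-item-login').val(),
+'label': DOMPurify.sanitize($('#form-item-label').val()),
+'login': DOMPurify.sanitize($('#form-item-login').val()),
 'pw': $('#form-item-password').val(),
 'restricted_to': restriction,
 'restricted_to_roles': restrictionRole,
-'tags': $('#form-item-tags').val(),
+'tags': DOMPurify.sanitize($('#form-item-tags').val()),
 'template_id': parseInt($('input.form-check-input-template:checkbox:checked').data('category-id')),
 'to_be_deleted_after_date': ($('#form-item-deleteAfterDate').length !== 0 &&
 $('#form-item-deleteAfterDate').val() !== '') ? $('#form-item-deleteAfterDate').val() : '',
 'to_be_deleted_after_x_views': ($('#form-item-deleteAfterShown').length !== 0 &&
 $('#form-item-deleteAfterShown').val() !== '' && $('#form-item-deleteAfterShown').val() >= 1) ?
 parseInt($('#form-item-deleteAfterShown').val()) : '',
-'url': $('#form-item-url').val(),
+'url': DOMPurify.sanitize($('#form-item-url').val()),
 'user_id': parseInt('<?php echo $_SESSION['user_id']; ?>'),
 'uploaded_file_id': store.get('teampassApplication').uploadedFileId === undefined ? '' : store.get('teampassApplication').uploadedFileId,
-'fa_icon': $('#form-item-icon').val(),
+'fa_icon': DOMPurify.sanitize($('#form-item-icon').val()),
 };
 if (debugJavascript === true) {
 console.log('SAVING DATA');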
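Review bot: Wrapping `label`, `login`, `email`, `url`, `tags` and `fa_icon` in `DOMPurify.sanitize()` runs only in the browser, before the values are posted, so anyone calling the save endpoint directly still submits unsanitised data; the stored-XSS fix needs to be enforced where the server receives these fields and, above all, by escaping them when they are rendered. A second concern is that DOMPurify serialises its result as HTML, so a plain-text value such as a login or a URL containing `&`, `<` or `>` is likely to come back entity-encoded (`&amp;`, `&lt;`) and be stored in altered form unless something downstream decodes it — worth verifying, since `url` with query parameters and `login` are exact-value fields, whereas `description` (kept as rich HTML via `USE_PROFILES`) is the only one where HTML sanitisation is the natural fit. Consider a comment above `var data = {` such as `// DOMPurify here is defence in depth only; the server must validate these fields and escape them on output` so the next maintainer does not treat this as the whole fix. The enclosing function starts outside the hunk.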
1,597 changes: 1,597 additions & 0 deletions plugins/DOMPurify/purify.cjs.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions plugins/DOMPurify/purify.cjs.js.map

Large diffs are not rendered by default.

1,595 changes: 1,595 additions & 0 deletions plugins/DOMPurify/purify.es.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions plugins/DOMPurify/purify.es.js.map

Large diffs are not rendered by default.

1,603 changes: 1,603 additions & 0 deletions plugins/DOMPurify/purify.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions plugins/DOMPurify/purify.js.map

Large diffs are not rendered by default.

3 changes: 3 additions & 0 deletions plugins/DOMPurify/purify.min.js

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions plugins/DOMPurify/purify.min.js.map

Large diffs are not rendered by default.
