Halaman utama Jelajahi Bantuan
Masuk
LBP
/
netbox
cermin dari https://github.com/netbox-community/netbox.git
2
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

Fixes #20009: Fix DOM-based XSS vulnerability in search export functionality

Replace direct string concatenation with URLSearchParams to properly
encode user input in export link URLs, preventing injection of malicious
parameters or scripts through the search functionality.

Resolves CodeQL Alert #63 (js/xss-through-dom)
Jason Novinger 6 bulan lalu
induk
bb83187505
melakukan
2c09973e01
3 mengubah file dengan 3 tambahan dan 1 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 0 0
      netbox/project-static/dist/netbox.js
  2. 0 0
      netbox/project-static/dist/netbox.js.map
  3. 3 1
      netbox/project-static/src/search.ts

File diff ditekan karena terlalu besar
+ 0 - 0
netbox/project-static/dist/netbox.js


File diff ditekan karena terlalu besar
+ 0 - 0
netbox/project-static/dist/netbox.js.map


+ 3 - 1
netbox/project-static/src/search.ts
Tampilan Berkas 

@@ -38,7 +38,9 @@ function handleQuickSearchParams(event: Event): void {
 
 
   if (quickSearchParameters != null) {
 
     const link = document.getElementById('export_current_view') as HTMLLinkElement;
 
-    const search_parameter = `q=${quickSearchParameters.value}`;
 
+    const params = new URLSearchParams();
 
+    params.set('q', quickSearchParameters.value);
 
+    const search_parameter = params.toString();
 
     const linkUpdated = link?.href + '&' + search_parameter;
 
     link.setAttribute('href', linkUpdated);
 
   }

Beberapa file tidak ditampilkan karena terlalu banyak file yang berubah dalam diff ini