Home Esplora Aiuto
Accedi
LBP
/
netbox
mirror da https://github.com/netbox-community/netbox.git
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

Fixes #20009: Fix DOM-based XSS vulnerability in search export functionality

Replace direct string concatenation with URLSearchParams to properly
encode user input in export link URLs, preventing injection of malicious
parameters or scripts through the search functionality.

Resolves CodeQL Alert #63 (js/xss-through-dom)
Jason Novinger 6 mesi fa
parent
bb83187505
commit
2c09973e01
3 ha cambiato i file con 3 aggiunte e 1 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 0 0
      netbox/project-static/dist/netbox.js
  2. 0 0
      netbox/project-static/dist/netbox.js.map
  3. 3 1
      netbox/project-static/src/search.ts

File diff suppressed because it is too large
+ 0 - 0
netbox/project-static/dist/netbox.js


File diff suppressed because it is too large
+ 0 - 0
netbox/project-static/dist/netbox.js.map


+ 3 - 1
netbox/project-static/src/search.ts
Vedi File 

@@ -38,7 +38,9 @@ function handleQuickSearchParams(event: Event): void {
 
 
   if (quickSearchParameters != null) {
 
     const link = document.getElementById('export_current_view') as HTMLLinkElement;
 
-    const search_parameter = `q=${quickSearchParameters.value}`;
 
+    const params = new URLSearchParams();
 
+    params.set('q', quickSearchParameters.value);
 
+    const search_parameter = params.toString();
 
     const linkUpdated = link?.href + '&' + search_parameter;
 
     link.setAttribute('href', linkUpdated);
 
   }

Some files were not shown because too many files changed in this diff