kumquat-buildroot/package/janus-gateway/0004-Fixed-missing-XSS-mitigation.patch
Fabrice Fontaine 2fd3c2cf43 package/janus-gateway: fix CVE-2021-4124
janus-gateway is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting')

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-12-22 18:48:02 +01:00

26 lines
1.1 KiB
Diff

From f62bba6513ec840761f2434b93168106c7c65a3d Mon Sep 17 00:00:00 2001
From: Lorenzo Miniero <lminiero@gmail.com>
Date: Wed, 15 Dec 2021 14:10:01 +0100
Subject: [PATCH] Fixed missing XSS mitigation (see #2817)
[Retrieved from:
https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
html/textroomtest.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/html/textroomtest.js b/html/textroomtest.js
index bf95a260a..7d5ae832c 100644
--- a/html/textroomtest.js
+++ b/html/textroomtest.js
@@ -351,7 +351,7 @@ function sendPrivateMsg(username) {
text: JSON.stringify(message),
error: function(reason) { bootbox.alert(reason); },
success: function() {
- $('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + result);
+ $('#chatroom').append('<p style="color: purple;">[' + getDateString() + '] <b>[whisper to ' + display + ']</b> ' + escapeXmlTags(result));
$('#chatroom').get(0).scrollTop = $('#chatroom').get(0).scrollHeight;
}
});