From 8287a64172b59db43d5773903c1b9fc8ff0fe6bb Mon Sep 17 00:00:00 2001
From: Kelson42
Date: Thu, 8 Jan 2015 12:51:42 +0100
Subject: [PATCH] FIXED: kiwix-serve XSS attack vulnerability (#763)
---
 src/common/kiwix/searcher.cpp | 2 +-
 src/common/stringTools.cpp | 8 ++++++++
 src/common/stringTools.h | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/common/kiwix/searcher.cpp b/src/common/kiwix/searcher.cpp
index 2ab1949cc..36d5b3529 100644
--- a/src/common/kiwix/searcher.cpp
+++ b/src/common/kiwix/searcher.cpp
@@ -180,7 +180,7 @@ namespace kiwix {
 oData["pages"] = pagesCDT;
 oData["count"] = kiwix::beautifyInteger(this->estimatedResultCount);
- oData["searchPattern"] = this->searchPattern;
+ oData["searchPattern"] = kiwix::encodeDiples(this->searchPattern);
 oData["searchPatternEncoded"] = urlEncode(this->searchPattern);
 oData["resultStart"] = this->resultStart + 1;
 oData["resultEnd"] = (this->resultEnd > this->estimatedResultCount ? this->estimatedResultCount : this->resultEnd);
diff --git a/src/common/stringTools.cpp b/src/common/stringTools.cpp
index 15913b1cc..0b0ceeeba 100644
--- a/src/common/stringTools.cpp
+++ b/src/common/stringTools.cpp
@@ -104,6 +104,14 @@ void kiwix::stringReplacement(std::string& str, const std::string& oldStr, const
 }
 }
+/* Encode string to avoid XSS attacks */
+std::string kiwix::encodeDiples(const std::string& str) {
+ std::string result = str;
+ kiwix::stringReplacement(result, "<", "<");
+ kiwix::stringReplacement(result, ">", ">");
+ return result;
+}
+
 // Urlencode
 //based on javascript encodeURIComponent()
diff --git a/src/common/stringTools.h b/src/common/stringTools.h
index 8a6683af5..2a2367b29 100644
--- a/src/common/stringTools.h
+++ b/src/common/stringTools.h
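Review bot: In src/common/kiwix/searcher.cpp the new `encodeDiples` call makes `searchPattern` safe only where the template emits it as element text. If the results template also places it inside an attribute value, a double quote still passes through unescaped, because the helper touches only `<` and `>`. The template is not part of this patch, so every place it interpolates `searchPattern` should be checked. I would also record the intended context next to the assignment, e.g. `// HTML-escaped for display; links must use searchPatternEncoded`.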
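Review bot: In src/common/stringTools.cpp, `encodeDiples` escapes only `<` and `>`, so `&`, `"` and `'` are returned unchanged and the comment "Encode string to avoid XSS attacks" promises more than the function delivers. I would add `kiwix::stringReplacement(result, "&", "&amp;");` as the first replacement, then `"\""` to `"&quot;"` and `"'"` to `"&#39;"` after the angle brackets. This is only safe if `stringReplacement`, whose body is outside this hunk, advances past the inserted text instead of rescanning it. As rendered on this page both arguments of each call read the same (`"<", "<"`), presumably because the entities `&lt;`/`&gt;` were decoded in display; confirm against the raw commit. The comment should name the context the output is safe for, e.g. `/* Escape HTML special characters for element text and quoted attribute values */`.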
@@ -48,6 +48,7 @@ namespace kiwix {
 void printStringInHexadecimal(const char *s);
 void printStringInHexadecimal(UnicodeString s);
 void stringReplacement(std::string& str, const std::string& oldStr, const std::string& newStr);
+ std::string encodeDiples(const std::string& str);
 #endif