smallsolar
/
libkiwix
mirror of https://github.com/kiwix/libkiwix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix against a malicious "</script>" in KIWIX_RESPONSE_DATA

This commit is contained in:
Veloman Yunkan 2024-01-25 15:37:31 +04:00 committed by Matthieu Gautier
parent 1f9026f295
commit dc3960c5f8
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/server/response.cpp
View File

@ -34,6 +34,7 @@
#include <array> #include <array>
#include <list> #include <list>
#include <map> #include <map>
#include <regex>
// This is somehow a magic value. // This is somehow a magic value.
// If this value is too small, we will compress (and lost cpu time) too much // If this value is too small, we will compress (and lost cpu time) too much
@ -330,7 +331,14 @@ std::string ContentResponseBlueprint::Data::asJSON() const
{ {
std::ostringstream oss; std::ostringstream oss;
this->dumpJSON(oss); this->dumpJSON(oss);
return oss.str();
// This JSON is going to be used in HTML inside a <script></script> tag.
// If it contains "</script>" (or "</script >") as a substring, then the HTML
// parser will be confused. Since for a valid JSON that may happen only inside
// a JSON string, we can safely take advantage of the answers to
// https://stackoverflow.com/questions/28259389/how-to-put-script-in-a-javascript-string
// and work around the issue by inserting an otherwise harmless backslash.
return std::regex_replace(oss.str(), std::regex("</script"), "</scr\\ipt");
} }
ContentResponseBlueprint::ContentResponseBlueprint(const RequestContext* request, ContentResponseBlueprint::ContentResponseBlueprint(const RequestContext* request,

2
test/server.cpp
View File

@ -817,7 +817,7 @@ TEST_F(ServerTest, Http404HtmlError)
{ /* url */ R"(/ROOT%23%3F/content/zimfile/</script>)", { /* url */ R"(/ROOT%23%3F/content/zimfile/</script>)",
book_name=="zimfile" && book_name=="zimfile" &&
book_title=="Ray Charles" && book_title=="Ray Charles" &&
expected_kiwix_response_data==R"({ "CSS_URL" : false, "PAGE_HEADING" : { "msgid" : "404-page-heading", "params" : { } }, "PAGE_TITLE" : { "msgid" : "404-page-title", "params" : { } }, "details" : [ { "p" : { "msgid" : "url-not-found", "params" : { "url" : "/ROOT%23%3F/content/zimfile/</script>" } } }, { "p" : { "msgid" : "suggest-search", "params" : { "PATTERN" : "script>", "SEARCH_URL" : "/ROOT%23%3F/search?content=zimfile&pattern=script%3E" } } } ] })" && expected_kiwix_response_data==R"({ "CSS_URL" : false, "PAGE_HEADING" : { "msgid" : "404-page-heading", "params" : { } }, "PAGE_TITLE" : { "msgid" : "404-page-title", "params" : { } }, "details" : [ { "p" : { "msgid" : "url-not-found", "params" : { "url" : "/ROOT%23%3F/content/zimfile/</scr\ipt>" } } }, { "p" : { "msgid" : "suggest-search", "params" : { "PATTERN" : "script>", "SEARCH_URL" : "/ROOT%23%3F/search?content=zimfile&pattern=script%3E" } } } ] })" &&
expected_body==R"( expected_body==R"(
<h1>Not Found</h1> <h1>Not Found</h1>
<p> <p>