Use textContent instead of innerHTML

Previously, setting `innerHTML` was used to display the statuses.  These
could include content communicated from the remote VNC server, allowing
the remote VNC server to inject HTML into the noVNC page.

This commit switches all uses of `innerHTML` to use `textContent`, which
is not vulnerable to the HTML injection.
Solly Ross 2017-01-12 11:43:35 -05:00
parent da82b3426c
commit 15ce2f71eb
10 changed files with 14 additions and 14 deletions


@ -285,7 +285,7 @@ var UI;
if (typeof(msg) !== 'undefined') { if (typeof(msg) !== 'undefined') {
$D('noVNC_control_bar').setAttribute("class", klass); $D('noVNC_control_bar').setAttribute("class", klass);
$D('noVNC_status').innerHTML = msg; $D('noVNC_status').textContent = msg;
} }
UI.updateVisualState(); UI.updateVisualState();
@ -360,9 +360,9 @@ var UI;
clearTimeout(UI.popupStatusTimeout); clearTimeout(UI.popupStatusTimeout);
if (typeof text === 'string') { if (typeof text === 'string') {
psp.innerHTML = text; psp.textContent = text;
} else { } else {
psp.innerHTML = $D('noVNC_status').innerHTML; psp.textContent = $D('noVNC_status').textContent;
} }
psp.style.display = "block"; psp.style.display = "block";
psp.style.left = window.innerWidth/2 - psp.style.left = window.innerWidth/2 -
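Review bot: The new line `$D('noVNC_status').textContent = msg;` has no comment saying why `textContent` is required here, and a later change that wants to style status messages could quietly reintroduce the injection this commit removes. Suggest a one-line comment above it: `// msg can carry text relayed from the VNC server; textContent keeps it from being parsed as HTML`. The second hunk's copy, `psp.textContent = $D('noVNC_status').textContent;`, is consistent with that intent. Both enclosing functions start before their hunk.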


@ -36,7 +36,7 @@ if (Util.Engine.trident) {
function message(str) { function message(str) {
//console.log(str); //console.log(str);
cell = $D('messages'); cell = $D('messages');
cell.innerHTML += str + newline; cell.textContent += str + newline;
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
} }
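Review bot: `cell.textContent += str + newline;` now renders `newline` literally, so if `newline` holds markup such as `<br>` for the Trident case that the `if (Util.Engine.trident) {` context hints at but does not show, the log will display the tag text instead of breaking the line. Worth confirming that `newline` is a plain `"\n"` on every engine and that the `messages` element preserves whitespace (`<pre>` or `white-space: pre`), since a bare `"\n"` is otherwise collapsed. `message` is complete within the hunk.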


@ -20,7 +20,7 @@
function debug(str) { function debug(str) {
console.log(str); console.log(str);
cell = $D('debug'); cell = $D('debug');
cell.innerHTML += str + "\n"; cell.textContent += str + "\n";
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
} }
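Review bot: `cell.textContent += str + "\n";` re-reads and re-assigns the entire accumulated log on every call, so the cost of each debug line grows with the log size; appending a node instead, `cell.appendChild(document.createTextNode(str + "\n"));`, is equally safe against HTML injection and avoids re-serialising the whole element. The `"\n"` only shows as a line break if the `debug` element preserves whitespace, which is not visible here but was already the case with innerHTML. `debug` is complete within the hunk.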


@ -42,7 +42,7 @@
function message(str) { function message(str) {
console.log(str); console.log(str);
cell = $D('messages'); cell = $D('messages');
cell.innerHTML += msg_cnt + ": " + str + "\n"; cell.textContent += msg_cnt + ": " + str + "\n";
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
msg_cnt += 1; msg_cnt += 1;
} }


@ -35,7 +35,7 @@
function debug(str) { function debug(str) {
console.log(str); console.log(str);
cell = $D('debug'); cell = $D('debug');
cell.innerHTML += str + "\n"; cell.textContent += str + "\n";
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
} }


@ -44,7 +44,7 @@
function message(str) { function message(str) {
console.log(str); console.log(str);
cell = $D('messages'); cell = $D('messages');
cell.innerHTML += msg_cnt + ": " + str + newline; cell.textContent += msg_cnt + ": " + str + newline;
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
msg_cnt++; msg_cnt++;
} }
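Review bot: `cell.textContent += msg_cnt + ": " + str + newline;` displays `newline` as literal text, so this is only a clean swap if `newline` is defined as `"\n"` rather than HTML; its definition is outside the hunk and should be checked. If it is `"\n"`, the `messages` element also needs `white-space: pre` (or to be a `<pre>`) for the breaks to appear. `message` is complete within the hunk.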


@ -56,7 +56,7 @@
function message(str) { function message(str) {
console.log(str); console.log(str);
cell = $D('messages'); cell = $D('messages');
cell.innerHTML += msg_cnt + ": " + str + newline; cell.textContent += msg_cnt + ": " + str + newline;
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
msg_cnt++; msg_cnt++;
} }
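Review bot: As with the other playback/perf pages, `cell.textContent += msg_cnt + ": " + str + newline;` depends on `newline` being plain text; if it is an HTML fragment on some engine the tag will be shown verbatim after this change. A short comment above the line, `// newline must stay plain text: textContent does not interpret markup`, would record that constraint where the definition of `newline` is not in view. `message` is complete within the hunk.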


@ -64,7 +64,7 @@
function msg(str) { function msg(str) {
console.log(str); console.log(str);
var cell = $D('messages'); var cell = $D('messages');
cell.innerHTML += str + "\n"; cell.textContent += str + "\n";
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
} }
function dbgmsg(str) { function dbgmsg(str) {
@ -88,7 +88,7 @@
break; break;
} }
if (typeof mesg !== 'undefined') { if (typeof mesg !== 'undefined') {
$D('VNC_status').innerHTML = mesg; $D('VNC_status').textContent = mesg;
} }
} }


@ -51,7 +51,7 @@
function message(str) { function message(str) {
console.log(str); console.log(str);
var cell = $D('messages'); var cell = $D('messages');
cell.innerHTML += str + "\n"; cell.textContent += str + "\n";
cell.scrollTop = cell.scrollHeight; cell.scrollTop = cell.scrollHeight;
} }
@ -78,7 +78,7 @@
break; break;
} }
if (typeof msg !== 'undefined') { if (typeof msg !== 'undefined') {
$D('VNC_status').innerHTML = msg; $D('VNC_status').textContent = msg;
} }
} }


@ -152,7 +152,7 @@
if (typeof(msg) !== 'undefined') { if (typeof(msg) !== 'undefined') {
sb.setAttribute("class", "noVNC_status_" + level); sb.setAttribute("class", "noVNC_status_" + level);
s.innerHTML = msg; s.textContent = msg;
} }
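Review bot: `s.textContent = msg;` should carry a comment stating that `msg` may come from the remote server, so the safety of this line is understood by whoever next touches the status display; suggest `// msg may originate from the VNC server; textContent, never innerHTML`. The adjacent `sb.setAttribute("class", "noVNC_status_" + level)` concatenates `level` into a class name, which is fine as long as `level` is an internal constant; its origin is outside the hunk. The enclosing function starts before the hunk.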
} }