fixes potential xss by properly encoding xml
Paul committed Jan 23, 2020
1 parent d6b93d9 commit 6eb2783
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions xmpp/util.js
@@ -2,9 +2,20 @@ dojo.provide("dojox.xmpp.util");
dojo.require("dojox.string.Builder");
dojo.require("dojox.encoding.base64");

var xmlEntityMap = {
'&': '&',
'>': '>',
'<': '&lt;',
'\'': '&apos;',
'"': '&quot;'
};
var xmlEntityRegex = /(&|>|<|'|")/g;

dojox.xmpp.util.xmlEncode = function(str) {
if(str) {
str = str.replace("&", "&amp;").replace(">", "&gt;").replace("<", "&lt;").replace("'", "&apos;").replace('"', "&quot;");
str = str.replace(xmlEntityRegex, function (match) {
return xmlEntityMap[match] || '';
})
}
return str;
};
@@ -49,7 +60,7 @@ dojox.xmpp.util.encodeJid = function(jid) {
};

dojox.xmpp.util.decodeJid = function(jid) {

jid = jid.replace(/\\([23][02367acef])/g, function(match) {
switch(match){
case "\\20" :
@@ -73,7 +84,7 @@ dojox.xmpp.util.decodeJid = function(jid) {
}
return "ARG";
});

return jid;
};

@@ -87,7 +98,7 @@ dojox.xmpp.util.createElement = function(tag, attributes, terminal){
elem.append(attributes[attr]);
elem.append('" ');
}

if (terminal){
elem.append("/>");
}else{
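Review bot: In the first hunk, `xmlEntityMap` as shown on this page maps `&` and `>` to themselves, so the replace callback would return both characters unescaped; unless that is a rendering artifact of the page, the entries should read `'&': '&amp;',` and `'>': '&gt;',`. The `|| ''` fallback in the callback would silently delete a character if `xmlEntityRegex` and the map ever drift apart, so building the character class from the map's keys would keep the two in sync. A short comment above `xmlEncode` would help the next reader, e.g. `// Escapes all five XML special characters in a single global pass, so '&' is never double-encoded.` The `createElement` context in the last hunk appends `attributes[attr]` between quotes without calling `xmlEncode` in the lines visible here, so the fix appears to depend on callers encoding values first; that function's body continues outside the hunk.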
