frontend: fix XSS (#57) (#58)

2022-08-05 21:59:18 -04:00
parent 4b3980f6bd
commit 982326a678
6 changed files with 56 additions and 38 deletions
--- a/frontend/assets/templates/bgpmap.tpl
+++ b/frontend/assets/templates/bgpmap.tpl
@@ -6,7 +6,7 @@
 <script src="/static/jsdelivr/npm/viz.js@2.1.2/lite.render.js" crossorigin="anonymous"></script>
 <script>
  var viz = new Viz();
-  viz.renderSVGElement(`{{ .Result }}`)
+  viz.renderSVGElement(atob({{ .Result }}))
  .then(element => {
    document.getElementById("bgpmap").appendChild(element);
  })
--- a/frontend/assets/templates/page.tpl
+++ b/frontend/assets/templates/page.tpl
@@ -37,8 +37,8 @@
 					href="{{ .AllServersURLCustom }}"> {{ .AllServerTitle }} </a>
 				{{ end }}
 			</li>
-			{{ $length := len .ServersEscaped }} 
-			{{ range $k, $v := .ServersEscaped }}
+			{{ $length := len .Servers }} 
+			{{ range $k, $v := .Servers }}
 			<li class="nav-item">
 				{{ if gt $length 1 }}
 				<a class="nav-link{{ if eq $server $v }} active{{ end }}"