Updated JS to prevent XSS using SSIDs

This commit is contained in:
Stefan Kremser
2017-07-21 15:03:46 +02:00
parent f3c9fefe33
commit 9fe9fa2459
5 changed files with 21 additions and 11 deletions



@@ -50,7 +50,7 @@ function getResults() {
if (res.aps[i].se == 1) tr += '<tr class="selected">';
else tr += '<tr>';
tr += '<td>' + res.aps[i].c + '</td>';
tr += '<td>' + res.aps[i].ss + '</td>';
tr += '<td>' + escapeHTML(res.aps[i].ss) + '</td>';
tr += '<td>' + getEncryption(res.aps[i].e) + '</td>';
//tr += '<td>' + res.aps[i].r + ' <meter value="' + res.aps[i].r + '" max="-30" min="-100" low="-80" high="-60" optimum="-50"></meter></td>';
var _width = res.aps[i].r + 130;
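Review bot: Only the SSID column is escaped; `res.aps[i].c` two lines above the new escapeHTML call and the `getEncryption(...)` result on the line after it are still concatenated into `tr` unescaped. The channel is presumably a number the firmware produces and getEncryption presumably maps a code to a fixed label, so this is likely not exploitable today, but the table builder is easier to reason about if every device-supplied field goes through the same helper: `tr += '<td>' + escapeHTML(res.aps[i].c) + '</td>';`. The `_width` computed on the last line is used outside the hunk, so the context it is interpolated into cannot be reviewed here; getResults begins and continues outside the hunk.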


@@ -18,8 +18,8 @@ function getResults() {
var aps = "";
var clients = "";
var tr = "<tr><th>Attack</th><th>Status</th><th>Start/Stop</th></tr>";
for (var i = 0; i < res.aps.length; i++) aps += "<li>" + res.aps[i] + "</li>";
for (var i = 0; i < res.clients.length; i++) clients += "<li>" + res.clients[i] + "</li>";
for (var i = 0; i < res.aps.length; i++) aps += "<li>" + escapeHTML(res.aps[i]) + "</li>";
for (var i = 0; i < res.clients.length; i++) clients += "<li>" + escapeHTML(res.clients[i]) + "</li>";
selectedAPs.innerHTML = aps;
selectedClients.innerHTML = clients;
@@ -48,7 +48,7 @@ function getResults() {
var tr = "<tr><th>Name</th><th></th><th>Del.</th></tr>";
for (var i = 0; i < data.length; i++) {
tr += "<tr>";
tr += "<td>" + data[i][0] + "</td>";
tr += "<td>" + escapeHTML(data[i][0]) + "</td>";
if(data[i][1] == 1) tr += "<td>&#128274;</td>";
else tr += "<td></td>";
tr += '<td><button class="button-warn" onclick="deleteSSID(' + i + ')">x</button></td>';


@@ -2,6 +2,16 @@ function getE(name){
return document.getElementById(name);
}
function escapeHTML(str) {
return str
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/\"/g, '&quot;')
.replace(/\'/g, '&#39;')
.replace(/\//g, '&#x2F;')
}
function showMessage(msg, closeAfter){
var errorE = getE("error");
errorE.innerHTML = msg;
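Review bot: escapeHTML assumes `str` is a string; if a caller hands it a number or `undefined` (the client fields now escaped elsewhere in this commit are not obviously all strings), `.replace` throws a TypeError and the whole table render aborts. Coercing first makes the helper total: `if (str == null) return '';` followed by `return String(str)` ahead of the `.replace` chain, which is also missing its terminating semicolon. The helper encodes for HTML element content and quoted attribute values only, and that contract deserves a comment, because values concatenated into `onclick="..."` handlers elsewhere in the commit are not made safe by it: `// Escape device-supplied text for HTML element content or quoted attributes; not sufficient for script or URL contexts.`. The trailing context `errorE.innerHTML = msg;` in showMessage is untouched; if `msg` ever carries device-supplied text it needs the same treatment.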


@@ -42,11 +42,11 @@ function getResults() {
if (res.clients[i].s == 1) tr += '<tr class="selected">';
else tr += '<tr>';
tr += '<td>' + res.clients[i].p + '</td>';
if(res.clients[i].l >= 0) tr += '<td>' + res.clients[i].n + ' <a onclick="editNameList(' + res.clients[i].l + ')"></a></td>';
if(res.clients[i].l >= 0) tr += '<td>' + escapeHTML(res.clients[i].n) + ' <a onclick="editNameList(' + res.clients[i].l + ')"></a></td>';
else tr += '<td><a onclick="setName(' + res.clients[i].i + ')">set</a></td>';
if(res.clients[i].v.length > 1) tr += '<td>' + res.clients[i].v + res.clients[i].m.substring(8, 20) + '</td>';
else tr += '<td>' + res.clients[i].m + '</td>';
tr += '<td>' + res.clients[i].a + '</td>';
tr += '<td>' + escapeHTML(res.clients[i].a) + '</td>';
if (res.clients[i].s == 1) tr += '<td><button class="marginNull select" onclick="select(' + res.clients[i].i + ')">deselect</button></td>';
else tr += '<td><button class="marginNull select" onclick="select(' + res.clients[i].i + ')">select</button></td>';
@@ -63,7 +63,7 @@ function getResults() {
tr += '<tr>';
tr += '<td>' + res.nameList[i].m + '</td>';
tr += '<td>' + res.nameList[i].n + ' <a onclick="editNameList(' + i + ')">edit</a></td>';
tr += '<td>' + escapeHTML(res.nameList[i].n) + ' <a onclick="editNameList(' + i + ')">edit</a></td>';
tr += '<td><button class="marginNull button-warn" onclick="deleteName(' + i + ')">x</button></td>';
tr += '<td><button class="marginNull button-primary" onclick="add(' + i + ')">add</button></td>';
tr += '</tr>';
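Review bot: The client table still concatenates `res.clients[i].p`, `.v` and `.m` raw in the first hunk while `.n` and `.a` now go through escapeHTML, and the vendor text on the `.v` branch in particular is presumably looked up from the MAC rather than authored by the page. Routing those cells through the same helper keeps the escaping consistent: `if(res.clients[i].v.length > 1) tr += '<td>' + escapeHTML(res.clients[i].v + res.clients[i].m.substring(8, 20)) + '</td>';` and `else tr += '<td>' + escapeHTML(res.clients[i].m) + '</td>';`. The same applies to `res.nameList[i].m` in the second hunk. The `.l` and `.i` values interpolated into `onclick` attributes are not protected by escapeHTML at all; they look numeric, but if that is not guaranteed a `Number(...)` coercion before interpolation is the right guard there. getResults begins and ends outside both hunks.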