jostreff/wireguard-ui
1
0
Fork 0
mirror of https://github.com/ngoduykhanh/wireguard-ui.git synced 2025-04-19 19:59:13 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

escape html special chars

Browse source
This commit is contained in:
Robert Willert 2024-12-19 22:10:50 +01:00
parent 92f5b5c8b1
commit 872dc998ef
2 changed files with 26 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
custom/js/helper.js
View file

@ -1,3 +1,13 @@
function escapeHtml(unsafe)
{
return unsafe
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}
function renderClientList(data) { function renderClientList(data) {
$.each(data, function(index, obj) { $.each(data, function(index, obj) {
// render telegram button // render telegram button
@ -6,13 +16,13 @@ function renderClientList(data) {
telegramButton = `<div class="btn-group"> telegramButton = `<div class="btn-group">
<button type="button" class="btn btn-outline-primary btn-sm" data-toggle="modal" <button type="button" class="btn btn-outline-primary btn-sm" data-toggle="modal"
data-target="#modal_telegram_client" data-clientid="${obj.Client.id}" data-target="#modal_telegram_client" data-clientid="${obj.Client.id}"
data-clientname="${obj.Client.name}">Telegram</button> data-clientname="${escapeHtml(obj.Client.name)}">Telegram</button>
</div>` </div>`
} }
let telegramHtml = ""; let telegramHtml = "";
if (obj.Client.telegram_userid && obj.Client.telegram_userid.length > 0) { if (obj.Client.telegram_userid && obj.Client.telegram_userid.length > 0) {
telegramHtml = `<span class="info-box-text" style="display: none"><i class="fas fa-tguserid"></i>${obj.Client.telegram_userid}</span>` telegramHtml = `<span class="info-box-text" style="display: none"><i class="fas fa-tguserid"></i>${escapeHtml(obj.Client.telegram_userid)}</span>`
} }
// render client status css tag style // render client status css tag style
@ -24,13 +34,13 @@ function renderClientList(data) {
// render client allocated ip addresses // render client allocated ip addresses
let allocatedIpsHtml = ""; let allocatedIpsHtml = "";
$.each(obj.Client.allocated_ips, function(index, obj) { $.each(obj.Client.allocated_ips, function(index, obj) {
allocatedIpsHtml += `<small class="badge badge-secondary">${obj}</small>&nbsp;`; allocatedIpsHtml += `<small class="badge badge-secondary">${escapeHtml(obj)}</small>&nbsp;`;
}) })
// render client allowed ip addresses // render client allowed ip addresses
let allowedIpsHtml = ""; let allowedIpsHtml = "";
$.each(obj.Client.allowed_ips, function(index, obj) { $.each(obj.Client.allowed_ips, function(index, obj) {
allowedIpsHtml += `<small class="badge badge-secondary">${obj}</small>&nbsp;`; allowedIpsHtml += `<small class="badge badge-secondary">${escapeHtml(obj)}</small>&nbsp;`;
}) })
let subnetRangesString = ""; let subnetRangesString = "";
@ -40,7 +50,7 @@ function renderClientList(data) {
let additionalNotesHtml = ""; let additionalNotesHtml = "";
if (obj.Client.additional_notes && obj.Client.additional_notes.length > 0) { if (obj.Client.additional_notes && obj.Client.additional_notes.length > 0) {
additionalNotesHtml = `<span class="info-box-text" style="display: none"><i class="fas fa-additional_notes"></i>${obj.Client.additional_notes.toUpperCase()}</span>` additionalNotesHtml = `<span class="info-box-text" style="display: none"><i class="fas fa-additional_notes"></i>${escapeHtml(obj.Client.additional_notes.toUpperCase())}</span>`
} }
// render client html content // render client html content
@ -56,12 +66,12 @@ function renderClientList(data) {
<div class="btn-group"> <div class="btn-group">
<button type="button" class="btn btn-outline-primary btn-sm" data-toggle="modal" <button type="button" class="btn btn-outline-primary btn-sm" data-toggle="modal"
data-target="#modal_qr_client" data-clientid="${obj.Client.id}" data-target="#modal_qr_client" data-clientid="${obj.Client.id}"
data-clientname="${obj.Client.name}" ${obj.QRCode != "" ? '' : ' disabled'}>QR code</button> data-clientname="${escapeHtml(obj.Client.name)}" ${obj.QRCode != "" ? '' : ' disabled'}>QR code</button>
</div> </div>
<div class="btn-group"> <div class="btn-group">
<button type="button" class="btn btn-outline-primary btn-sm" data-toggle="modal" <button type="button" class="btn btn-outline-primary btn-sm" data-toggle="modal"
data-target="#modal_email_client" data-clientid="${obj.Client.id}" data-target="#modal_email_client" data-clientid="${obj.Client.id}"
data-clientname="${obj.Client.name}">Email</button> data-clientname="${escapeHtml(obj.Client.name)}">Email</button>
</div> </div>
${telegramButton} ${telegramButton}
<div class="btn-group"> <div class="btn-group">
@ -72,22 +82,22 @@ function renderClientList(data) {
<div class="dropdown-menu" role="menu"> <div class="dropdown-menu" role="menu">
<a class="dropdown-item" href="#" data-toggle="modal" <a class="dropdown-item" href="#" data-toggle="modal"
data-target="#modal_edit_client" data-clientid="${obj.Client.id}" data-target="#modal_edit_client" data-clientid="${obj.Client.id}"
data-clientname="${obj.Client.name}">Edit</a> data-clientname="${escapeHtml(obj.Client.name)}">Edit</a>
<a class="dropdown-item" href="#" data-toggle="modal" <a class="dropdown-item" href="#" data-toggle="modal"
data-target="#modal_pause_client" data-clientid="${obj.Client.id}" data-target="#modal_pause_client" data-clientid="${obj.Client.id}"
data-clientname="${obj.Client.name}">Disable</a> data-clientname="${escapeHtml(obj.Client.name)}">Disable</a>
<a class="dropdown-item" href="#" data-toggle="modal" <a class="dropdown-item" href="#" data-toggle="modal"
data-target="#modal_remove_client" data-clientid="${obj.Client.id}" data-target="#modal_remove_client" data-clientid="${obj.Client.id}"
data-clientname="${obj.Client.name}">Delete</a> data-clientname="${escapeHtml(obj.Client.name)}">Delete</a>
</div> </div>
</div> </div>
<hr> <hr>
<span class="info-box-text"><i class="fas fa-user"></i> ${obj.Client.name}</span> <span class="info-box-text"><i class="fas fa-user"></i> ${escapeHtml(obj.Client.name)}</span>
<span class="info-box-text" style="display: none"><i class="fas fa-key"></i> ${obj.Client.public_key}</span> <span class="info-box-text" style="display: none"><i class="fas fa-key"></i> ${escapeHtml(obj.Client.public_key)}</span>
<span class="info-box-text" style="display: none"><i class="fas fa-subnetrange"></i>${subnetRangesString}</span> <span class="info-box-text" style="display: none"><i class="fas fa-subnetrange"></i>${escapeHtml(subnetRangesString)}</span>
${telegramHtml} ${telegramHtml}
${additionalNotesHtml} ${additionalNotesHtml}
<span class="info-box-text"><i class="fas fa-envelope"></i> ${obj.Client.email}</span> <span class="info-box-text"><i class="fas fa-envelope"></i> ${escapeHtml(obj.Client.email)}</span>
<span class="info-box-text"><i class="fas fa-clock"></i> <span class="info-box-text"><i class="fas fa-clock"></i>
${prettyDateTime(obj.Client.created_at)}</span> ${prettyDateTime(obj.Client.created_at)}</span>
<span class="info-box-text"><i class="fas fa-history"></i> <span class="info-box-text"><i class="fas fa-history"></i>
@ -95,7 +105,7 @@ function renderClientList(data) {
<span class="info-box-text"><i class="fas fa-server" style="${obj.Client.use_server_dns ? "opacity: 1.0" : "opacity: 0.5"}"></i> <span class="info-box-text"><i class="fas fa-server" style="${obj.Client.use_server_dns ? "opacity: 1.0" : "opacity: 0.5"}"></i>
${obj.Client.use_server_dns ? 'DNS enabled' : 'DNS disabled'}</span> ${obj.Client.use_server_dns ? 'DNS enabled' : 'DNS disabled'}</span>
<span class="info-box-text"><i class="fas fa-file"></i> <span class="info-box-text"><i class="fas fa-file"></i>
${obj.Client.additional_notes}</span> ${escapeHtml(obj.Client.additional_notes)}</span>
<span class="info-box-text"><strong>IP Allocation</strong></span>` <span class="info-box-text"><strong>IP Allocation</strong></span>`
+ allocatedIpsHtml + allocatedIpsHtml
+ `<span class="info-box-text"><strong>Allowed IPs</strong></span>` + `<span class="info-box-text"><strong>Allowed IPs</strong></span>`

2
router/router.go
View file

@ -2,11 +2,11 @@ package router
import ( import (
"errors" "errors"
"html/template"
"io" "io"
"io/fs" "io/fs"
"reflect" "reflect"
"strings" "strings"
"text/template"
"github.com/gorilla/sessions" "github.com/gorilla/sessions"
"github.com/labstack/echo-contrib/session" "github.com/labstack/echo-contrib/session"