Updated JS to prevent XSS using SSIDs

Author: Stefan Kremser

esp8266_deauther/data.h

@@ -50,7 +50,7 @@ function getResults() {
       if (res.aps[i].se == 1) tr += '<tr class="selected">';
       else tr += '<tr>';
       tr += '<td>' + res.aps[i].c + '</td>';
-      tr += '<td>' + res.aps[i].ss + '</td>';
+      tr += '<td>' + escapeHTML(res.aps[i].ss) + '</td>';
       tr += '<td>' + getEncryption(res.aps[i].e) + '</td>';
 	  //tr += '<td>' + res.aps[i].r + ' <meter value="' + res.aps[i].r + '" max="-30" min="-100" low="-80" high="-60" optimum="-50"></meter></td>';
 	  var _width = res.aps[i].r + 130;

web_server/html/js/apscan.js

@@ -18,8 +18,8 @@ function getResults() {
     var aps = "";
     var clients = "";
     var tr = "<tr><th>Attack</th><th>Status</th><th>Start/Stop</th></tr>";
-    for (var i = 0; i < res.aps.length; i++) aps += "<li>" + res.aps[i] + "</li>";
-    for (var i = 0; i < res.clients.length; i++) clients += "<li>" + res.clients[i] + "</li>";
+    for (var i = 0; i < res.aps.length; i++) aps += "<li>" + escapeHTML(res.aps[i]) + "</li>";
+    for (var i = 0; i < res.clients.length; i++) clients += "<li>" + escapeHTML(res.clients[i]) + "</li>";
 
     selectedAPs.innerHTML = aps;
     selectedClients.innerHTML = clients;
@@ -48,7 +48,7 @@ function getResults() {
 		var tr = "<tr><th>Name</th><th></th><th>Del.</th></tr>";
 		for (var i = 0; i < data.length; i++) {
 		  tr += "<tr>";
-		  tr += "<td>" + data[i][0] + "</td>";
+		  tr += "<td>" + escapeHTML(data[i][0]) + "</td>";
 		  if(data[i][1] == 1) tr += "<td>&#128274;</td>";
 		  else tr += "<td></td>";
 		  tr += '<td><button class="button-warn" onclick="deleteSSID(' + i + ')">x</button></td>';

web_server/html/js/attack.js

@@ -2,6 +2,16 @@ function getE(name){
 	return document.getElementById(name);
 }
 
+function escapeHTML(str) {
+    return str
+      .replace(/&/g, '&')
+      .replace(/</g, '&lt;')
+      .replace(/>/g, '&gt;')
+      .replace(/\"/g, '&quot;')
+      .replace(/\'/g, '&#39;')
+      .replace(/\//g, '&#x2F;')
+}
+
 function showMessage(msg, closeAfter){
 	var errorE = getE("error");
 	errorE.innerHTML = msg;

web_server/html/js/functions.js

@@ -42,11 +42,11 @@ function getResults() {
       if (res.clients[i].s == 1) tr += '<tr class="selected">';
       else tr += '<tr>';
       tr += '<td>' + res.clients[i].p + '</td>';
-      if(res.clients[i].l >= 0) tr += '<td>' + res.clients[i].n + ' <a onclick="editNameList(' + res.clients[i].l + ')"></a></td>';
+      if(res.clients[i].l >= 0) tr += '<td>' + escapeHTML(res.clients[i].n) + ' <a onclick="editNameList(' + res.clients[i].l + ')"></a></td>';
 	  else tr += '<td><a onclick="setName(' + res.clients[i].i + ')">set</a></td>';
       if(res.clients[i].v.length > 1) tr += '<td>' + res.clients[i].v + res.clients[i].m.substring(8, 20) + '</td>';
 	  else tr += '<td>' + res.clients[i].m + '</td>';
-      tr += '<td>' + res.clients[i].a + '</td>';
+      tr += '<td>' + escapeHTML(res.clients[i].a) + '</td>';
 
       if (res.clients[i].s == 1) tr += '<td><button class="marginNull select" onclick="select(' + res.clients[i].i + ')">deselect</button></td>';
       else tr += '<td><button class="marginNull select" onclick="select(' + res.clients[i].i + ')">select</button></td>';
@@ -63,7 +63,7 @@ function getResults() {
 
       tr += '<tr>';
       tr += '<td>' + res.nameList[i].m + '</td>';
-      tr += '<td>' + res.nameList[i].n + ' <a onclick="editNameList(' + i + ')">edit</a></td>';
+      tr += '<td>' + escapeHTML(res.nameList[i].n) + ' <a onclick="editNameList(' + i + ')">edit</a></td>';
       tr += '<td><button class="marginNull button-warn" onclick="deleteName(' + i + ')">x</button></td>';
 	  tr += '<td><button class="marginNull button-primary" onclick="add(' + i + ')">add</button></td>';
       tr += '</tr>';