xss vulnerability in outfits#show

This one was actually pretty darn clever - nobody's abused it, but
I was reading a blog post where someone described this type of
issue, I realized it was a brilliant attack, and then realized
DTI was vulnerable. Oops. Thanks for the solution, Jamie!

http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
Emi Matchu 2012-10-20 17:56:38 -05:00
parent 671641cc16
commit 5601511ad5
2 changed files with 5 additions and 1 deletions

@ -129,6 +129,10 @@ module ApplicationHelper
def return_to_field_tag
hidden_field_tag :return_to, request.fullpath
end
def safely_to_json(obj)
obj.to_json.gsub('/', '\/')
end
def secondary_nav(&block)
content_for :before_flashes,
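Review bot: `safely_to_json` needs a comment saying what it defends against, otherwise a reader will wonder why only `/` is escaped. The `gsub('/', '\/')` guarantees the serialized JSON can never contain a literal `</script>` (or any other closing tag), which is the break-out this commit targets, and `\/` is a valid JSON escape so `JSON.parse` round-trips the value unchanged. Since the helper is meant to be the one place views go through when interpolating JSON into an inline script, consider also mapping `<`, `>` and `&` to `\u003c`, `\u003e` and `\u0026` so the output stays inert even where the closing-tag check is not the whole story (for example an attacker-supplied `<!--` inside script data), and note in the comment that the result is deliberately not marked `html_safe`: it belongs inside a `:javascript` block, not in HTML text.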

@ -21,7 +21,7 @@
#outfit-items= render @outfit.worn_items
- content_for :javascripts do
:javascript
var INITIAL_OUTFIT_DATA = #{@outfit.to_json};
var INITIAL_OUTFIT_DATA = #{safely_to_json @outfit};
= include_javascript_libraries :jquery, :swfobject
= include_javascripts :show_outfit_package
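Review bot: the fix is applied at a single call site, `var INITIAL_OUTFIT_DATA = #{safely_to_json @outfit};`, so the same commit should grep the other `:javascript` filters and `content_for :javascripts` blocks for `#{...to_json}` interpolations, since any other view that embeds serialized data this way has exactly the same exposure. Longer term, `@outfit.to_json` dumped into an inline script means every attribute the model serializes is reachable from the page; putting the JSON in a `data-` attribute (Haml attribute values are HTML-escaped) or a `<script type="application/json">` tag read with `JSON.parse` removes the need to reason about script break-outs at all.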