xss vulnerability in outfits#show

This one was actually pretty darn clever - nobody's abused it, but I was reading a blog post where someone described this type of issue, I realized it was a brilliant attack, and then realized DTI was vulnerable. Oops. Thanks for the solution, Jamie! http://jamie-wong.com/2012/08/22/what-i-did-at-khan-academy/#XSS+Fix
2012-10-20 17:56:38 -05:00 · 2012-10-20 17:56:38 -05:00 · 5601511ad5
commit 5601511ad5
parent 671641cc16
2 changed files with 5 additions and 1 deletions
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -130,6 +130,10 @@ module ApplicationHelper
    hidden_field_tag :return_to, request.fullpath
  end
  
+  def safely_to_json(obj)
+    obj.to_json.gsub('/', '\/')
+  end
+
  def secondary_nav(&block)
    content_for :before_flashes,
      content_tag(:nav, :id => 'secondary-nav', &block)
--- a/app/views/outfits/show.html.haml
+++ b/app/views/outfits/show.html.haml
@ -21,7 +21,7 @@
 #outfit-items= render @outfit.worn_items
 - content_for :javascripts do
  :javascript
-    var INITIAL_OUTFIT_DATA = #{@outfit.to_json};
+    var INITIAL_OUTFIT_DATA = #{safely_to_json @outfit};
  = include_javascript_libraries :jquery, :swfobject
  = include_javascripts :show_outfit_package