commit a5503c0c606e196f368a58ea3d1b8457e76a3a31
Author: Calum Lind <calumlind+deluge@gmail.com>
Date:   Mon Feb 14 18:00:23 2022 +0000

    [WebUI] Fix encoding HTML entities for torrent attributes
    
    Ensure all torrent attributes that might contain malicious HTML entities
    are encoded.
    
    By allowing HTML entities to be rendered unencoded, it enables malicious
    torrent files to perform XSS attacks.
    
    Resolves: https://dev.deluge-torrent.org/ticket/3459

diff --git a/deluge/ui/web/js/deluge-all/EditTrackersWindow.js b/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
index f6733aaa6..178fd583f 100644
--- a/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
+++ b/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
@@ -57,6 +57,7 @@ Deluge.EditTrackersWindow = Ext.extend(Ext.Window, {
                     header: _('Tracker'),
                     width: 0.9,
                     dataIndex: 'url',
+                    tpl: new Ext.XTemplate('{url:htmlEncode}'),
                 },
             ],
             columnSort: {
diff --git a/deluge/ui/web/js/deluge-all/FilterPanel.js b/deluge/ui/web/js/deluge-all/FilterPanel.js
index b6e5ec5ca..f1fade120 100644
--- a/deluge/ui/web/js/deluge-all/FilterPanel.js
+++ b/deluge/ui/web/js/deluge-all/FilterPanel.js
@@ -171,5 +171,5 @@ Deluge.FilterPanel.templates = {
     tracker_host:
         '<div class="x-deluge-filter" style="background-image: url(' +
         deluge.config.base +
-        'tracker/{filter});">{filter} ({count})</div>',
+        'tracker/{filter});">{filter:htmlEncode} ({count})</div>',
 };
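Review bot: The first `{filter}` on the changed line, the one inside `style="background-image: url(… tracker/{filter})"`, is still interpolated raw; only the second, text-node occurrence was encoded. A value containing `"` or `)` would close the style attribute or the `url()` before the encoded copy is ever reached, so both occurrences should be encoded: `'tracker/{filter:htmlEncode});">{filter:htmlEncode} ({count})</div>'`. Whether a `tracker_host` value can actually carry such characters depends on how the daemon derives it, which is not visible here, so treat the exposure as unconfirmed; encoding both is cheap either way, and for an ordinary hostname the output is unchanged.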
diff --git a/deluge/ui/web/js/deluge-all/TorrentGrid.js b/deluge/ui/web/js/deluge-all/TorrentGrid.js
index 198ec279f..ded3fb03b 100644
--- a/deluge/ui/web/js/deluge-all/TorrentGrid.js
+++ b/deluge/ui/web/js/deluge-all/TorrentGrid.js
@@ -17,7 +17,7 @@
         return String.format(
             '<div class="torrent-name x-deluge-{0}">{1}</div>',
             r.data['state'].toLowerCase(),
-            value
+            Ext.util.Format.htmlEncode(value)
         );
     }
     function torrentSpeedRenderer(value) {
@@ -62,7 +62,7 @@
             '<div style="background: url(' +
                 deluge.config.base +
                 'tracker/{0}) no-repeat; padding-left: 20px;">{0}</div>',
-            value
+            Ext.util.Format.htmlEncode(value)
         );
     }
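Review bot: The HTML-encoded `value` is reused for both the `url(tracker/{0})` path segment and the visible text, but HTML-encoding alone does not make a string safe inside a CSS `url()`: a `)` or whitespace in the value ends the `url()` early, and `&amp;` is decoded back to `&` by the attribute parser before CSS sees it. Splitting the two uses and URL-encoding the path segment keeps each context safe: `'tracker/{0}) no-repeat; padding-left: 20px;">{1}</div>',` / `Ext.util.Format.htmlEncode(encodeURIComponent(value)),` / `Ext.util.Format.htmlEncode(value)`. This assumes the `tracker/` handler accepts a percent-encoded host; for plain hostnames `encodeURIComponent` is the identity, so existing behaviour should not change. The enclosing renderer function starts outside the hunk.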
 
diff --git a/deluge/ui/web/js/deluge-all/add/AddWindow.js b/deluge/ui/web/js/deluge-all/add/AddWindow.js
index a4aff067b..771543de3 100644
--- a/deluge/ui/web/js/deluge-all/add/AddWindow.js
+++ b/deluge/ui/web/js/deluge-all/add/AddWindow.js
@@ -93,6 +93,9 @@ Deluge.add.AddWindow = Ext.extend(Deluge.add.Window, {
                     sortable: true,
                     renderer: torrentRenderer,
                     dataIndex: 'text',
+                    tpl: new Ext.XTemplate(
+                        '<div class="x-deluge-add-torrent-name">{text:htmlEncode}</div>'
+                    ),
                 },
             ],
             stripeRows: true,
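Review bot: The column now carries both `renderer: torrentRenderer` and a `tpl`, and only one of them will produce the cell; which one depends on the grid class, which is not visible in the hunk. If the renderer wins, the new encoding `tpl` is dead code and the cell is rendered however `torrentRenderer` renders it; if the `tpl` wins, whatever markup `torrentRenderer` emits is silently dropped. Either move the `htmlEncode` into `torrentRenderer` and drop the `tpl`, or remove the `renderer` line, so the intent is unambiguous; if the precedence has been confirmed, a one-line comment such as `// tpl overrides renderer for this column; encoding happens here` would at least record it.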
diff --git a/deluge/ui/web/js/deluge-all/add/FilesTab.js b/deluge/ui/web/js/deluge-all/add/FilesTab.js
index fed52282d..d712c023d 100644
--- a/deluge/ui/web/js/deluge-all/add/FilesTab.js
+++ b/deluge/ui/web/js/deluge-all/add/FilesTab.js
@@ -28,6 +28,7 @@ Deluge.add.FilesTab = Ext.extend(Ext.ux.tree.TreeGrid, {
             header: _('Filename'),
             width: 295,
             dataIndex: 'filename',
+            tpl: new Ext.XTemplate('{filename:htmlEncode}'),
         },
         {
             header: _('Size'),
diff --git a/deluge/ui/web/js/deluge-all/details/DetailsTab.js b/deluge/ui/web/js/deluge-all/details/DetailsTab.js
index fdb4f7f0d..f1da178b1 100644
--- a/deluge/ui/web/js/deluge-all/details/DetailsTab.js
+++ b/deluge/ui/web/js/deluge-all/details/DetailsTab.js
@@ -91,7 +91,9 @@ Deluge.details.DetailsTab = Ext.extend(Ext.Panel, {
         for (var field in this.fields) {
             if (!Ext.isDefined(data[field])) continue; // This is a field we are not responsible for.
             if (data[field] == this.oldData[field]) continue;
-            this.fields[field].dom.innerHTML = Ext.escapeHTML(data[field]);
+            this.fields[field].dom.innerHTML = Ext.util.Format.htmlEncode(
+                data[field]
+            );
         }
         this.oldData = data;
     },
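Review bot: The assignment still goes through `innerHTML`, so safety depends on `htmlEncode` covering every character that matters in that context; since these fields are displayed as plain text, writing the value as text data removes the encoding step entirely: `this.fields[field].dom.textContent = data[field];`. Whether the project still supports a browser lacking `textContent` is not visible here, so confirm before switching. The loose comparison `data[field] == this.oldData[field]` on the line above is untouched by the commit and would be clearer as `!==`, given the values arrive from the daemon with mixed types. The enclosing method starts outside the hunk.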
diff --git a/deluge/ui/web/js/deluge-all/details/FilesTab.js b/deluge/ui/web/js/deluge-all/details/FilesTab.js
index edc388d19..60de832a6 100644
--- a/deluge/ui/web/js/deluge-all/details/FilesTab.js
+++ b/deluge/ui/web/js/deluge-all/details/FilesTab.js
@@ -18,6 +18,7 @@ Deluge.details.FilesTab = Ext.extend(Ext.ux.tree.TreeGrid, {
             header: _('Filename'),
             width: 330,
             dataIndex: 'filename',
+            tpl: new Ext.XTemplate('{filename:htmlEncode}'),
         },
         {
             header: _('Size'),
diff --git a/deluge/ui/web/js/deluge-all/details/PeersTab.js b/deluge/ui/web/js/deluge-all/details/PeersTab.js
index 66d4a4b95..a1919630d 100644
--- a/deluge/ui/web/js/deluge-all/details/PeersTab.js
+++ b/deluge/ui/web/js/deluge-all/details/PeersTab.js
@@ -73,7 +73,7 @@
                             header: _('Client'),
                             width: 125,
                             sortable: true,
-                            renderer: fplain,
+                            renderer: 'htmlEncode',
                             dataIndex: 'client',
                         },
                         {
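Review bot: `renderer: 'htmlEncode'` relies on the grid resolving a string renderer name against `Ext.util.Format`; if that resolution is what the framework does here it works, but it reads like a literal, so a short comment, `// string renderer name resolves to Ext.util.Format.htmlEncode`, would help the next reader. The `fplain` renderer this replaces is defined outside the hunk and, as far as can be seen, may still be attached to other peer columns that display peer-supplied strings; if `fplain` does not encode, those columns need the same treatment. Only the Client column is visible here, so that is an inference to check.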