Merge pull request #38 from iress/DP-803
URI encode template replacement to avoid XSS
SiCoe authored Oct 2, 2023
2 parents 0d6d923 + 185bfdb commit 1d9f87a
Showing 4 changed files with 474 additions and 94 deletions.
8 changes: 5 additions & 3 deletions authn/openid.index.js
Expand Up @@ -7,6 +7,8 @@ const auth = require('./auth.js');
const nonce = require('./nonce.js');
const axios = require('axios');
const url = require('url');
const entities = require('html-entities');

var discoveryDocument;
var jwks;
var config;
Expand Down Expand Up @@ -349,9 +351,9 @@ function unauthorized(error, error_description, error_uri, callback) {
</body>
</html>`;

page = page.replace(/%error%/g, encodeURI(error).replace(/%20/g,' '));
page = page.replace(/%error_description%/g, encodeURI(error_description).replace(/%20/g,' '));
page = page.replace(/%error_uri%/g, encodeURI(error_uri));
page = page.replace(/%error%/g, entities.encode(error));
page = page.replace(/%error_description%/g, entities.encode(error_description));
page = page.replace(/%error_uri%/g, entities.encode(error_uri));

// Unauthorized access attempt. Reset token and nonce cookies
const response = {
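Review bot: The encoded value is still handed to `String.prototype.replace` as a replacement string on the three new lines in authn/openid.index.js (`entities.encode(error)` through `entities.encode(error_uri)`) and on the matching three lines in authn/pkce.index.js, so `$&`, `$'` and a `$` followed by a backtick inside an IdP-supplied error text are interpreted as replacement patterns rather than copied literally; `entities.encode` escapes `'` but leaves `$` and the backtick untouched. The effect appears to be output corruption (the placeholder or the preceding template text gets re-inserted) rather than script injection, but the robust form is a replacer function, `page = page.replace(/%error%/g, () => entities.encode(error));`, applied likewise to `%error_description%` and `%error_uri%`. Whether `%error_uri%` lands in an `href` cannot be seen here, since the template sits above the hunk in `unauthorized`, whose body starts outside it; if it does, entity encoding alone does not reject a non-http(s) scheme, so a scheme check before substitution would be worth adding. Note also that the commit title says "URI encode" while the change actually switches to HTML-entity encoding, which a short comment above these lines could spell out.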
8 changes: 5 additions & 3 deletions authn/pkce.index.js
Expand Up @@ -8,6 +8,8 @@ const codeChallenge = require('./code-challenge.js');
const cfg = require('./config.js');
const axios = require('axios');
const url = require('url');
const entities = require('html-entities');

var discoveryDocument;
var jwks;
var config;
Expand Down Expand Up @@ -373,9 +375,9 @@ function unauthorized(error, error_description, error_uri, callback) {
</body>
</html>`;

page = page.replace(/%error%/g, error);
page = page.replace(/%error_description%/g, error_description);
page = page.replace(/%error_uri%/g, error_uri);
page = page.replace(/%error%/g, entities.encode(error));
page = page.replace(/%error_description%/g, entities.encode(error_description));
page = page.replace(/%error_uri%/g, entities.encode(error_uri));

// Unauthorized access attempt. Reset token and nonce cookies
const response = {

0 comments on commit 1d9f87a
