Prevent arbitrary js code from being returned from the database

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Adam Warner
2021-07-23 18:47:37 +01:00
parent 7e602e0df4
commit 8066069a1f


@@ -510,6 +510,9 @@ if ($_POST['action'] == 'get_groups') {
$res['domain'] = $utf8_domain.' ('.$res['domain'].')';
}
}
// Prevent domain and comment fields from returning any arbitary javascript code which could be executed on the browser.
$res['domain'] = htmlentities($res['domain']);
$res['comment'] = htmlentities($res['comment']);
array_push($data, $res);
}
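Review bot: Both added `htmlentities()` calls rely on the default flags, and before PHP 8.1 that default is `ENT_COMPAT`, which leaves single quotes unescaped and returns an empty string for input that is not valid UTF-8. Passing the flags explicitly makes the behaviour the same on every PHP version, e.g. `$res['domain'] = htmlentities($res['domain'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. If `comment` can be NULL in the database (not visible here), passing it straight to `htmlentities()` raises a deprecation notice on PHP 8.1+, so `htmlentities($res['comment'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would be safer. Because the escaping happens in the API response rather than at the point of rendering, it is worth confirming that the client inserts these fields consistently and that other actions returning the same fields get the same treatment. The enclosing loop and the rendering code are outside this hunk.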