Merge pull request #5 from tomer-mobb/Mobb-fix-f3103d3a8e

tomer-mobb · web-flow · commit b83c1b727d4c · 2024-11-19T01:07:23.000+07:00
XSS vulnerability fix (powered by Mobb)
diff --git a/insecure-js/server.js b/insecure-js/server.js
@@ -155,7 +155,7 @@ const server = http.createServer((req, res) => {
           }
         } catch (error) {
           console.error(error);
-          responseMessages.push(`<p>An error occurred while processing the JSON5 data: ${error.message}</p>`);
+          responseMessages.push(`<p>An error occurred while processing the JSON5 data: ${escapeHtml(error.message)}</p>`);
         }
       }
 

Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,7 @@ const server = http.createServer((req, res) => {`
`155`	`155`	`}`
`156`	`156`	`} catch (error) {`
`157`	`157`	`console.error(error);`
`158`		- responseMessages.push(`<p>An error occurred while processing the JSON5 data: ${error.message}</p>`);
	`158`	+ responseMessages.push(`<p>An error occurred while processing the JSON5 data: ${escapeHtml(error.message)}</p>`);
`159`	`159`	`}`
`160`	`160`	`}`
`161`	`161`