pacnpal/simpleguardhome
1
0
Fork 0
mirror of https://github.com/pacnpal/simpleguardhome.git synced 2025-12-20 12:31:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for code scanning alert no. 4: DOM text reinterpreted as HTML

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
pacnpal
2025-01-28 21:37:25 -05:00
committed by GitHub
parent a24da9082d
commit 25bab3deb5
1 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/simpleguardhome/templates/index.html
View File

@@ -6,6 +6,15 @@
<title>SimpleGuardHome</title> <title>SimpleGuardHome</title>
<script src="https://cdn.tailwindcss.com"></script> <script src="https://cdn.tailwindcss.com"></script>
<script> <script>
function escapeHtml(unsafe) {
return unsafe
.replace(/&/g, "&amp;")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/"/g, "&quot;")
.replace(/'/g, "&#039;");
}
async function checkDomain(event) { async function checkDomain(event) {
event.preventDefault(); event.preventDefault();
const domain = document.getElementById('domain').value; const domain = document.getElementById('domain').value;
@@ -33,10 +42,10 @@
resultDiv.innerHTML = ` resultDiv.innerHTML = `
<div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4 mb-4"> <div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4 mb-4">
<p class="font-bold">Domain is blocked</p> <p class="font-bold">Domain is blocked</p>
<p class="text-sm"><strong>${domain}</strong> is blocked</p> <p class="text-sm"><strong>${escapeHtml(domain)}</strong> is blocked</p>
<p class="text-sm">Reason: ${data.reason}</p> <p class="text-sm">Reason: ${escapeHtml(data.reason)}</p>
${data.rules?.length ? `<p class="text-sm font-mono bg-red-50 p-2 mt-1 rounded">Rule: ${data.rules[0].text}</p>` : ''} ${data.rules?.length ? `<p class="text-sm font-mono bg-red-50 p-2 mt-1 rounded">Rule: ${escapeHtml(data.rules[0].text)}</p>` : ''}
${data.service_name ? `<p class="text-sm mt-2">Service: ${data.service_name}</p>` : ''} ${data.service_name ? `<p class="text-sm mt-2">Service: ${escapeHtml(data.service_name)}</p>` : ''}
</div>`; </div>`;
unblockDiv.innerHTML = ` unblockDiv.innerHTML = `
<button onclick="unblockDomain('${domain}')" <button onclick="unblockDomain('${domain}')"
@@ -47,8 +56,8 @@
resultDiv.innerHTML = ` resultDiv.innerHTML = `
<div class="bg-green-100 border-l-4 border-green-500 text-green-700 p-4"> <div class="bg-green-100 border-l-4 border-green-500 text-green-700 p-4">
<p class="font-bold">Domain is not blocked</p> <p class="font-bold">Domain is not blocked</p>
<p class="text-sm"><strong>${domain}</strong> is allowed</p> <p class="text-sm"><strong>${escapeHtml(domain)}</strong> is allowed</p>
<p class="text-xs mt-2">Status: ${data.reason}</p> <p class="text-xs mt-2">Status: ${escapeHtml(data.reason)}</p>
</div>`; </div>`;
unblockDiv.innerHTML = ''; unblockDiv.innerHTML = '';
} }
@@ -68,7 +77,7 @@
resultDiv.innerHTML = ` resultDiv.innerHTML = `
<div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4"> <div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4">
<p class="font-bold">Error checking domain</p> <p class="font-bold">Error checking domain</p>
<p class="text-sm">${error.message}</p> <p class="text-sm">${escapeHtml(error.message)}</p>
</div>`; </div>`;
unblockDiv.innerHTML = ''; unblockDiv.innerHTML = '';
} finally { } finally {