pacnpal/simpleguardhome
1
0
Fork 0
mirror of https://github.com/pacnpal/simpleguardhome.git synced 2025-12-20 04:21:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13 from pacnpal/alert-autofix-2

Browse Source 
Potential fix for code scanning alert no. 2: DOM text reinterpreted as HTML
This commit is contained in:
pacnpal
2025-01-28 22:02:18 -05:00
committed by GitHub
parent 3011065182 c9f8ebbe7d
commit b8ef333639
1 changed files with 20 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/simpleguardhome/templates/index.html
View File

@@ -7,6 +7,18 @@
<script src="https://unpkg.com/@tailwindcss/browser@4" integrity="sha384-fsXZ0Oru5QjGkveFx8DdmBAyKdwnJ7TnbRzDN5LROCKt8PAN8h7y7oqCwtk9cN68" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.3.4/purify.min.js" integrity="sha384-KGmzmwrs7oAU2sG5qfETslFsscVcCaxQrX2d7PW7I9bTrsuTD/eSMFr9jaMS9i+b" crossorigin="anonymous"></script>
<script>
function escapeHtml(unsafe) {
return unsafe.replace(/[&<"']/g, function (m) {
switch (m) {
case '&': return '&amp;';
case '<': return '&lt;';
case '>': return '&gt;';
case '"': return '&quot;';
case "'": return '&#039;';
default: return m;
}
});
}
async function checkDomain(event) {
event.preventDefault();
const domain = DOMPurify.sanitize(document.getElementById('domain').value);
@@ -34,10 +46,10 @@
resultDiv.innerHTML = `
<div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4 mb-4">
<p class="font-bold">Domain is blocked</p>
<p class="text-sm"><strong>${domain}</strong> is blocked</p>
<p class="text-sm">Reason: ${data.reason}</p>
${data.rules?.length ? `<p class="text-sm font-mono bg-red-50 p-2 mt-1 rounded">Rule: ${data.rules[0].text}</p>` : ''}
${data.service_name ? `<p class="text-sm mt-2">Service: ${data.service_name}</p>` : ''}
<p class="text-sm"><strong>${escapeHtml(domain)}</strong> is blocked</p>
<p class="text-sm">Reason: ${escapeHtml(data.reason)}</p>
${data.rules?.length ? `<p class="text-sm font-mono bg-red-50 p-2 mt-1 rounded">Rule: ${escapeHtml(data.rules[0].text)}</p>` : ''}
${data.service_name ? `<p class="text-sm mt-2">Service: ${escapeHtml(data.service_name)}</p>` : ''}
</div>`;
unblockDiv.innerHTML = `
<button onclick="unblockDomain('${domain}')"
@@ -48,8 +60,8 @@
resultDiv.innerHTML = `
<div class="bg-green-100 border-l-4 border-green-500 text-green-700 p-4">
<p class="font-bold">Domain is not blocked</p>
<p class="text-sm"><strong>${domain}</strong> is allowed</p>
<p class="text-xs mt-2">Status: ${data.reason}</p>
<p class="text-sm"><strong>${escapeHtml(domain)}</strong> is allowed</p>
<p class="text-xs mt-2">Status: ${escapeHtml(data.reason)}</p>
</div>`;
unblockDiv.innerHTML = '';
}
@@ -61,7 +73,7 @@
resultDiv.innerHTML = `
<div class="bg-${bgColor}-100 border-l-4 border-${bgColor}-500 text-${bgColor}-700 p-4">
<p class="font-bold">Error checking domain</p>
<p class="text-sm">${errorMsg}</p>
<p class="text-sm">${escapeHtml(errorMsg)}</p>
</div>`;
unblockDiv.innerHTML = '';
}
@@ -69,7 +81,7 @@
resultDiv.innerHTML = `
<div class="bg-red-100 border-l-4 border-red-500 text-red-700 p-4">
<p class="font-bold">Error checking domain</p>
<p class="text-sm">${error.message}</p>
<p class="text-sm">${escapeHtml(error.message)}</p>
</div>`;
unblockDiv.innerHTML = '';
} finally {