Home Explore Help
Sign In
mirrors
/
wekan
mirror of https://github.com/wekan/wekan.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add warning to beginning of sanitized filename.

Thanks to xet7!

Related https://github.com/wekan/wekan/pull/5083
Lauri Ojansivu 2 years ago
parent
8a1c2e8860
commit
28e97808f5
1 changed files with 5 additions and 2 deletions
Split View Show Diff Stats
  1. 5 2
      client/components/cards/attachments.js

+ 5 - 2
client/components/cards/attachments.js
View File 

@@ -292,10 +292,13 @@ Template.cardAttachmentsPopup.events({
 
       let uploads = [];
 
       for (const file of files) {
 
         const fileId = new ObjectID().toString();
 
-        const fileName = DOMPurify.sanitize(file.name);
 
+        const warning = "WARNING-XSS-SANITIZED-";
 
+        let fileName = DOMPurify.sanitize(file.name);
 
 
         if (fileName !== file.name) {
 
-          console.warn('Detected possible XSS in file: ', file.name + '. Renamed to: ', fileName + '.');
 
+          // console.warn('Detected possible XSS in file: ', file.name + '. Renamed to: ', fileName + '.');
 
+          // Add warning about XSS sanitized:
 
+          fileName = warning.concat(fileName);
 
         }
 
 
         const config = {