From 91e54ecbef19cb3194f796eeda7e86ab728a4594 Mon Sep 17 00:00:00 2001
From: Fabian Vogelsteller
Date: Tue, 11 Aug 2015 19:40:28 +0200
Subject: [PATCH] add xss filter
---
 src/js/controllers.js | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/src/js/controllers.js b/src/js/controllers.js
index ee9bb87..5a3c48a 100644
--- a/src/js/controllers.js
+++ b/src/js/controllers.js
@@ -133,6 +133,9 @@ netStatsApp.controller('StatsCtrl', function($scope, $filter, $localStorage, soc function socketAction(action, data) { + // filter data + data = xssFilter(data); + // console.log('Action: ', action); // console.log('Data: ', data);
@@ -142,6 +145,7 @@ netStatsApp.controller('StatsCtrl', function($scope, $filter, $localStorage, soc $scope.nodes = data; _.forEach($scope.nodes, function (node, index) { + // Init hashrate if( _.isUndefined(node.stats.hashrate) ) node.stats.hashrate = 0;
@@ -633,4 +637,18 @@ netStatsApp.controller('StatsCtrl', function($scope, $filter, $localStorage, soc
 node.readable.latency = node.stats.latency + ' ms';
 }
 }
+
+ // very simple xss filter
+ function xssFilter(obj){
+ if(_.isArray(obj)) {
+ return _.map(obj, xssFilter);
+
+ } else if(_.isObject(obj)) {
+ return _.mapValues(obj, xssFilter);
+
+ } else if(_.isString(obj)) {
+ return obj.replace(/\< *\/* *script *>*/gi,'').replace(/javascript/gi,'');
+ } else
+ return obj;
+ }
 });
\ No newline at end of file
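Review bot: The string branch of `xssFilter` (last hunk, called from `socketAction` in the first) is a single-pass denylist, so it neither reliably blocks markup injection nor leaves clean data intact. It removes only `script`-style tags and the word `javascript`: other elements and event-handler attributes pass through unchanged, a one-time removal can leave the same token re-formed from the characters around it, and a legitimate node name containing "javascript" is silently altered. Encoding rather than deleting avoids all three, e.g. `return _.escape(obj);` since lodash is already used here, provided the views do not already escape on output (which would double-encode); the templates are outside this diff, so that needs confirming. `_.mapValues` also leaves object keys unfiltered, so any key that ends up rendered needs the same treatment, and the comment would be more useful as `// HTML-encode every string in socket data before it reaches the view`.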