grassrootseconomics/ethstats-server
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add xss filter

Browse Source
This commit is contained in:
Fabian Vogelsteller 2015-08-11 19:40:28 +02:00
parent c0b0cbbd68
commit 91e54ecbef
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/js/controllers.js
View File

@ -133,6 +133,9 @@ netStatsApp.controller('StatsCtrl', function($scope, $filter, $localStorage, soc
function socketAction(action, data) function socketAction(action, data)
{ {
// filter data
data = xssFilter(data);
// console.log('Action: ', action); // console.log('Action: ', action);
// console.log('Data: ', data); // console.log('Data: ', data);
@ -142,6 +145,7 @@ netStatsApp.controller('StatsCtrl', function($scope, $filter, $localStorage, soc
$scope.nodes = data; $scope.nodes = data;
_.forEach($scope.nodes, function (node, index) { _.forEach($scope.nodes, function (node, index) {
// Init hashrate // Init hashrate
if( _.isUndefined(node.stats.hashrate) ) if( _.isUndefined(node.stats.hashrate) )
node.stats.hashrate = 0; node.stats.hashrate = 0;
@ -633,4 +637,18 @@ netStatsApp.controller('StatsCtrl', function($scope, $filter, $localStorage, soc
node.readable.latency = node.stats.latency + ' ms'; node.readable.latency = node.stats.latency + ' ms';
} }
} }
// very simple xss filter
function xssFilter(obj){
if(_.isArray(obj)) {
return _.map(obj, xssFilter);
} else if(_.isObject(obj)) {
return _.mapValues(obj, xssFilter);
} else if(_.isString(obj)) {
return obj.replace(/\< *\/* *script *>*/gi,'').replace(/javascript/gi,'');
} else
return obj;
}
}); });