
json_paranoid

pull/126/head
Lal'C Mellk Mal 2 years ago
parent
commit
50bcb7b267
3 changed files with 11 additions and 5 deletions
  1. +4
    -0
      etc.js
  2. +4
    -3
      imager/daemon.js
  3. +3
    -2
      server/server.js

+ 4
- 0
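--- a/etc.js
+++ b/etc.js
@@ -88,3 +88,7 @@ exports.checked_mkdir = function (dir, cb) {
 exports.random_id = function () {
 return Math.floor(Math.random() * 1e16) + 1;
 };
+
+exports.json_paranoid = function (obj) {
+return JSON.stringify(obj).replace(/\//g, '\\x2f');
+};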
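Review bot: `json_paranoid` escapes only `/`, which neutralises a literal `</script>` in the data but leaves `<` intact, so sequences such as `<!--` followed by `<script` can still change how the HTML parser tokenises the inline scripts built by the callers in imager/daemon.js and server/server.js. Escaping the opening bracket is the more robust form: `return JSON.stringify(obj).replace(/</g, '\\u003c').replace(/\u2028/g, '\\u2028').replace(/\u2029/g, '\\u2029');`, which also covers the two line separators that older engines reject inside string literals and keeps the output valid JSON. As written, `\x2f` makes the result a JavaScript literal rather than JSON, and `JSON.stringify(undefined)` returns `undefined`, so the `.replace` call throws for an undefined argument. A one-line comment above the function stating that the output is meant only for embedding in an inline `<script>` would make both limits clear.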

+ 4
- 3
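--- a/imager/daemon.js
+++ b/imager/daemon.js
@@ -68,14 +68,15 @@ IU.client_call = function (t, msg) {
 IU.respond = function (code, msg) {
 if (!this.resp)
 return;
+const origin = config.MAIN_SERVER_ORIGIN;
 this.resp.writeHead(code, {
 'Content-Type': 'text/html; charset=UTF-8',
-'Access-Control-Allow-Origin': config.MAIN_SERVER_ORIGIN,
+'Access-Control-Allow-Origin': origin,
 });
 this.resp.end('<!doctype html><title>Upload result</title>\n'
 + 'This is a legitimate imager response.\n'
-+ '<script>\nparent.postMessage(' + JSON.stringify(msg)
-+ ', ' + JSON.stringify(config.MAIN_SERVER_ORIGIN) + ');\n'
++ '<script>\nparent.postMessage(' + etc.json_paranoid(msg)
++ ', ' + etc.json_paranoid(origin) + ');\n'
 + '</script>\n');
 this.resp = null;
 };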
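Review bot: `etc.json_paranoid(...)` in `IU.respond` relies on `etc` being bound in imager/daemon.js, and this section adds no `require('../etc')` (all four added lines sit inside the respond body), so confirm the module already imports it above line 68. If it does not, the first upload response throws a ReferenceError instead of posting the result to the parent frame. A short comment above the `this.resp.end(` call, such as `// msg is embedded in an inline <script>; json_paranoid keeps it from closing the tag`, would record why plain `JSON.stringify` was replaced.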


+ 3
- 2
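--- a/server/server.js
+++ b/server/server.js
@@ -15,7 +15,8 @@ var _ = require('../lib/underscore'),
 fs = require('fs'),
 hooks = require('../hooks'),
 imager = require('../imager'),
-Muggle = require('../etc').Muggle,
+etc = require('../etc'),
+Muggle = etc.Muggle,
 okyaku = require('./okyaku'),
 render = require('./render'),
 request = require('request'),
@@ -615,7 +616,7 @@ function make_init_script(ident) {
 var authTag = cipher.getAuthTag()
 if (authTag.length != 16) throw 'auth tag of unexpected length';
 var combined = iv.toString('hex') + authTag.toString('hex') + crypted;
-return '\t<script>var ctoken = ' + JSON.stringify(combined) + ';</script>\n';
+return '\t<script>var ctoken = ' + json_paranoid(combined) + ';</script>\n';
 }
 
 function decrypt_ctoken(ctoken) {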
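Review bot: The new return in `make_init_script` calls bare `json_paranoid(combined)`, but the first hunk binds only the module (`etc = require('../etc')`), so unless a local `json_paranoid` exists outside the visible lines this throws a ReferenceError whenever the init script is generated. It should read `return '\t<script>var ctoken = ' + etc.json_paranoid(combined) + ';</script>\n';`, matching the call style used in imager/daemon.js. `make_init_script` starts above the hunk, so the encoding of `crypted` is not visible here. If it is hex like the IV and auth tag, the escaping is defence in depth rather than a functional change, which is worth a brief comment.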

