Issue 384: added escape_for_html function to escape PoC data before rendering it in the ExtJS UI

git-svn-id: https://beef.googlecode.com/svn/trunk@1125 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
antisnatchor
2011-07-28 13:29:38 +00:00
parent 4c10509975
commit 62672b2159


@@ -55,13 +55,22 @@ class Xssrays < BeEF::Extension::AdminUI::HttpController
'id' => log.id,
'vector_method' => log.vector_method,
'vector_name' => log.vector_name,
'vector_poc' => log.vector_poc
'vector_poc' => escape_for_html(log.vector_poc)
}
}
@body = {'success' => 'true', 'logs' => logs}.to_json
end
def escape_for_html(str)
str.gsub!(/</, '&lt;')
str.gsub!(/>/, '&gt;')
str.gsub!(/\u0022/, '&quot;')
str.gsub!(/\u0027/, '&#39;')
str.gsub!(/\\/, '&#92;')
str
end
# called by the UI. needed to pass the hooked browser ID/session and store a new scan in the DB
def set_scan_target
hooked_browser = HB.first(:session => @params['hb_id'].to_s)