Fix XSS in access token display page

Fixes https://jira.coreos.com/browse/QS-81
2017-12-06 13:40:31 -05:00 · 2017-12-06 13:40:31 -05:00 · f9219721a2
commit f9219721a2
parent 4a5626e64b
1 changed files with 15 additions and 14 deletions
--- a/templates/generatedtoken.html
+++ b/templates/generatedtoken.html
@ -4,23 +4,24 @@
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css">
    <link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap.no-icons.min.css">
    <link href='//fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
+    <script type="text/javascript">
+      function setToken() {
+        var hash = document.location.hash.substr(1);
+        var pairs = hash.split('&');
+        for (var i = 0; i < pairs.length; ++i) {
+          var pair = pairs[i];
+          var kv = pair.split('=');
+          if (kv[0] == 'access_token') {
+            document.getElementById('accesstoken').appendChild(document.createTextNode(kv[1]));
+          }
+        }
+      }
+    </script>
  </head>
-  <body>
+  <body onload="setToken()">
    <div class="container" style="margin-top: 20px">
      <img src="/static/img/quay-logo.png">
-      <h5>Access Token:
-        <script type="text/javascript">
-          var hash = document.location.hash.substr(1);
-          var pairs = hash.split('&');
-          for (var i = 0; i < pairs.length; ++i) {
-            var pair = pairs[i];
-            var kv = pair.split('=');
-            if (kv[0] == 'access_token') {
-              document.write(kv[1]);
-            }
-          }
-        </script>
-      </h5>
+      <h5>Access Token: <span id="accesstoken"></span></h5>
    </div>
  </body>
 </html>