cmd/tailscale: use html/template for synoTokenRedirect
The GitHub code scanner flagged this as a security vulnerability. I don't believe it was, but I couldn't convince myself of it 100%. Err on the safe side and use html/template to generate the HTML, with all necessary escaping. Fixes tailscale/corp#2698 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
This commit is contained in:
parent
27da7fd5cb
commit
a076aaecc6
@ -270,14 +270,14 @@ func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
|
||||
// We need a SynoToken for authenticate.cgi.
|
||||
// So we tell the client to get one.
|
||||
serverURL := r.URL.Scheme + "://" + r.URL.Host
|
||||
fmt.Fprintf(w, synoTokenRedirectHTML, serverURL)
|
||||
synoTokenRedirectHTML.Execute(w, serverURL)
|
||||
return true
|
||||
}
|
||||
|
||||
const synoTokenRedirectHTML = `<html><body>
|
||||
var synoTokenRedirectHTML = template.Must(template.New("redirect").Parse(`<html><body>
|
||||
Redirecting with session token...
|
||||
<script>
|
||||
var serverURL = %q;
|
||||
var serverURL = {{ . }};
|
||||
var req = new XMLHttpRequest();
|
||||
req.overrideMimeType("application/json");
|
||||
req.open("GET", serverURL + "/webman/login.cgi", true);
|
||||
@ -289,7 +289,7 @@ func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
|
||||
req.send(null);
|
||||
</script>
|
||||
</body></html>
|
||||
`
|
||||
`))
|
||||
|
||||
func webHandler(w http.ResponseWriter, r *http.Request) {
|
||||
if authRedirect(w, r) {
|
||||
|
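Review bot: The error returned by `synoTokenRedirectHTML.Execute(w, serverURL)` in the first hunk is dropped, so a failed or partial write still makes synoTokenRedirect return true and the caller treats the redirect page as delivered. Since the template is parsed once with template.Must, the remaining failure mode is the write to the client, which is worth at least logging in whatever style this file uses, e.g. `if err := synoTokenRedirectHTML.Execute(w, serverURL); err != nil { /* log it */ }`. The switch from `%q` to `{{ . }}` is the right fix: html/template recognizes the `<script>` context and emits the value as a properly escaped JS string literal, which is the reason no quotes surround the placeholder; a one-line comment above the `var serverURL = {{ . }};` line such as `// html/template escapes and quotes this for the JS context; do not add quotes.` would keep a future maintainer from reintroducing them. The change presumably also adds the html/template import outside these hunks; I cannot see it from here.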