From a283da3a349964fd1c70239398608f080274b76b Mon Sep 17 00:00:00 2001
From: tomer-mobb <132216976+tomer-mobb@users.noreply.github.com>
Date: Tue, 16 Jan 2024 22:15:43 +0700
Subject: [PATCH 1/8] Update xss-example.js

---
 xss-example.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index c39e9a03c..eee8ab517 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -4,4 +4,5 @@ var urlParams = new URLSearchParams(window.location.search);
 var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
-unsafe_div.innerHTML = "Hello to you ";
+// here's an XSS:
+unsafe_div.innerHTML = "Hello to you " + username;

From 7d776a37176aab40f488ae6a43f1048af2e2e4b1 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Thu, 18 Jan 2024 14:40:16 +0000
Subject: [PATCH 2/8] XSS fix by mobb-4849507a-b58d-4e95-a520-422e5b955e58

---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index eee8ab517..7f0f91d40 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -5,4 +5,4 @@ var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.innerHTML = "Hello to you " + username;
+unsafe_div.textContent = "Hello to you " + username;

From 425b2ea76b15eaf0df6fb9417679378699695fa4 Mon Sep 17 00:00:00 2001
From: Jonathan Afek <95547393+mobbjon@users.noreply.github.com>
Date: Thu, 25 Jan 2024 10:55:45 +0100
Subject: [PATCH 3/8] Update xss-example.js

---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index 7f0f91d40..eee8ab517 100644
--- a/xss-example.js
+++ b/xss-example.js
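Review bot: In PATCH 1/8 the added line `unsafe_div.innerHTML = "Hello to you " + username;` sends a value read from `window.location.search` into an HTML-parsing sink, so whoever crafts the link controls markup rendered in the page's origin (DOM-based XSS). The added comment `// here's an XSS:` suggests this is deliberate; if so, it should say that the file is a test fixture and must not ship, e.g. `// intentionally vulnerable fixture: URL parameter reaches innerHTML`. PATCH 3/8, 5/8 and 7/8 restore the same line under the generic subject "Update xss-example.js", which hides the reintroduction of a known-vulnerable sink from anyone scanning the log.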
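Review bot: After PATCH 2/8 the context comment `// here's an XSS:` sits directly above a `textContent` assignment, so it now labels a safe line as vulnerable; it should become something like `// username is untrusted (URL parameter): write it as text, never as markup`. Separately, `urlParams.get('username')` returns `null` when the parameter is missing, so the greeting then reads "Hello to you null"; that declaration is above the changed lines, and `var username = urlParams.get('username') || "";` would cover it. PATCH 4/8, 6/8 and 8/8 repeat this hunk unchanged and carry the same two points.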
@@ -5,4 +5,4 @@ var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.textContent = "Hello to you " + username;
+unsafe_div.innerHTML = "Hello to you " + username;

From 0d2ab25cd594630d91f718a93c14889fe9a0a842 Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Thu, 25 Jan 2024 10:13:15 +0000
Subject: [PATCH 4/8] XSS fix by mobb-0865bd8d-1ec5-49d5-8064-29e48d3ac2b1

---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index eee8ab517..7f0f91d40 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -5,4 +5,4 @@ var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.innerHTML = "Hello to you " + username;
+unsafe_div.textContent = "Hello to you " + username;

From bbe8a2bb5deffda100d7fd89698ac0109b02de57 Mon Sep 17 00:00:00 2001
From: Jonathan Afek <95547393+mobbjon@users.noreply.github.com>
Date: Thu, 25 Jan 2024 11:19:57 +0100
Subject: [PATCH 5/8] Update xss-example.js

---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index 7f0f91d40..eee8ab517 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -5,4 +5,4 @@ var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.textContent = "Hello to you " + username;
+unsafe_div.innerHTML = "Hello to you " + username;

From 5562b3a862c817715a8c1d526b3ce9b62e57e09a Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Thu, 25 Jan 2024 10:20:28 +0000
Subject: [PATCH 6/8] XSS fix by mobb-3bc0da8d-c810-45b2-9a84-e2633bcde608

---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index eee8ab517..7f0f91d40 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -5,4 +5,4 @@ var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.innerHTML = "Hello to you " + username;
+unsafe_div.textContent = "Hello to you " + username;

From d890f0e03cf09df923a9db8026ca46a648825d56 Mon Sep 17 00:00:00 2001
From: Jonathan Afek <95547393+mobbjon@users.noreply.github.com>
Date: Thu, 25 Jan 2024 11:31:14 +0100
Subject: [PATCH 7/8] Update xss-example.js

---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index 7f0f91d40..eee8ab517 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -5,4 +5,4 @@ var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.textContent = "Hello to you " + username;
+unsafe_div.innerHTML = "Hello to you " + username;

From cef0596b1f53032ecceedea46892ff17f33995cc Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Thu, 25 Jan 2024 10:40:20 +0000
Subject: [PATCH 8/8] XSS fix by mobb-57d5714c-7e72-47e6-9e55-580f590592a0

---
 xss-example.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xss-example.js b/xss-example.js
index eee8ab517..7f0f91d40 100644
--- a/xss-example.js
+++ b/xss-example.js
@@ -5,4 +5,4 @@ var username = urlParams.get('username');
 var unsafe_div = window.document.getElementById("vulnerable-div");
 // here's an XSS:
-unsafe_div.innerHTML = "Hello to you " + username;
+unsafe_div.textContent = "Hello to you " + username;