Merge pull request #3755 from overleaf/jpa-xss-2

[views] mitigate Angular XSS via email/new_email GitOrigin-RevId: 3d127c283ba9f97c5b0e6c53a9d77f7f597058bb
2024-11-21 20:47:08 -05:00 · 2021-03-17 14:29:43 +01:00 · 2021-03-17 14:29:43 +01:00 · f353728bda
commit f353728bda
parent 7609b741fa
5 changed files with 18 additions and 19 deletions
--- a/services/web/app/src/Features/User/UserPagesController.js
+++ b/services/web/app/src/Features/User/UserPagesController.js
@ -22,7 +22,6 @@ const UserPagesController = {
      title: 'register',
      sharedProjectData,
      newTemplateData,
-      new_email: req.query.new_email || '',
      samlBeta: req.session.samlBeta
    })
  },
@ -37,8 +36,7 @@ const UserPagesController = {
      AuthenticationController.setRedirectInSession(req, req.query.redir)
    }
    res.render('user/login', {
-      title: 'login',
-      email: req.query.email
+      title: 'login'
    })
  },

--- a/services/web/app/views/user/login.pug
+++ b/services/web/app/views/user/login.pug
@ -22,7 +22,6 @@ block content
 									placeholder='email@example.com',
 									ng-model="email",
 									ng-model-options="{ updateOn: 'blur' }",
-									ng-init="email = "+JSON.stringify(email),
 									focus="true"
 								)
 								span.small.text-primary(ng-show="loginForm.email.$invalid && loginForm.email.$dirty")
--- a/services/web/app/views/user/settings.pug
+++ b/services/web/app/views/user/settings.pug
@ -32,7 +32,6 @@ block content
 														placeholder="email@example.com"
 														required,
 														ng-model="email",
-														ng-init="email = "+JSON.stringify(user.email),
 														ng-model-options="{ updateOn: 'blur' }"
 													)
 													span.small.text-danger(ng-show="settingsForm.email.$invalid && settingsForm.email.$dirty")
--- a/services/web/frontend/js/directives/asyncForm.js
+++ b/services/web/frontend/js/directives/asyncForm.js
@ -3,17 +3,21 @@ import 'libs/passfield'
 App.directive('asyncForm', ($http, validateCaptcha, validateCaptchaV3) => ({
  controller: [
    '$scope',
-    function($scope) {
+    '$location',
+    function($scope, $location) {
      this.getEmail = () => $scope.email
+      this.getEmailFromQuery = () =>
+        $location.search().email || $location.search().new_email
      return this
    }
  ],
-  link(scope, element, attrs) {
+  link(scope, element, attrs, ctrl) {
    let response
    const formName = attrs.asyncForm

    scope[attrs.name].response = response = {}
    scope[attrs.name].inflight = false
+    scope.email = scope.email || ctrl.getEmailFromQuery() || attrs.newEmail

    const validateCaptchaIfEnabled = function(callback) {
      if (attrs.captchaActionName) {
--- a/services/web/modules/user-activate/app/views/user/activate.pug
+++ b/services/web/modules/user-activate/app/views/user/activate.pug
@ -35,7 +35,6 @@ block content
 									placeholder="email@example.com"
 									required,
 									ng-model="email",
-									ng-init="email = "+JSON.stringify(email),
 									ng-model-options="{ updateOn: 'blur' }",
 									disabled
 								)