From 0aadb154fe86aa44cad6e687aeed43587bb0c89e Mon Sep 17 00:00:00 2001 From: smythtech Date: Tue, 28 Mar 2017 20:19:22 +0100 Subject: [PATCH] Added functions for string sanitization --- pages/switchDetail.html | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/pages/switchDetail.html b/pages/switchDetail.html index 2cffc0d..a2c4006 100644 --- a/pages/switchDetail.html +++ b/pages/switchDetail.html @@ -435,12 +435,33 @@ var restport = $.cookie('cport'); if (restport == null || restport == "") window.location.href = "login.html"; + //Quick function to make strings received through the REST API safe to pass through ".html()" function. + var escapeString = function(string) { + return string + .replace(/&/g, "&") + .replace(//g, ">") + .replace(/"/g, """) + .replace(/'/g, "'"); + }; + + var escapeAllStrings = function(jsonObj) { + for(var key in jsonObj) { + if(jsonObj.hasOwnProperty(key) && typeof jsonObj[key] === 'string') { + jsonObj[key] = escapeString(jsonObj[key]); + } + } + return jsonObj; + }; + var sId = getQueryParameterByName("macAddress"); ///ANAHTAR features $.ajax({ url: " http://" + ipaddress + ":" + restport + "/wm/core/switch/" + sId + "/features/json", success: function (data) { + data = escapeAllStrings(data); + $(".version").html(data["version"]); $("#bufferCount").html(data["buffers"]); $("#tableCount").html(data["tables"]); @@ -461,7 +482,9 @@ $.ajax({ url: " http://" + ipaddress + ":" + restport + "/wm/core/switch/" + sId + "/desc/json", success: function (data) { - + + data.desc = escapeAllStrings(data.desc); + $(".version").html(data.desc["version"]); $("#hardwareDescription").html(data.desc["hardware_description"]); $("#manufacturerDescription").html(data.desc["manufacturer_description"]); 
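Review bot: escapeAllStrings escapes only the string values at the top level of the object it is given, so an array or nested object in a REST response would still reach `.html()` unescaped; whether any of these endpoints returns such a field is not visible here. The calls in this hunk and in the `desc`, `group-features` and `aggregate` hunks only display values, so writing them with `.text()` instead, e.g. `$(".version").text(data["version"]);`, makes the output safe at the sink without rewriting `data` in place and without depending on every callback remembering to call the helper. If the helper stays, its comment should state that it modifies its argument and skips non-string values, for example `// Escapes top-level string properties in place; nested values are NOT escaped.` As displayed on this page the replacement strings in escapeString look like the raw characters and the `<`/`>` lines appear merged, which is probably a rendering artifact, but the committed file is worth checking for the entity forms. The success callbacks continue outside the hunks.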
@@ -484,6 +507,9 @@ url: " http://" + ipaddress + ":" + restport + "/wm/core/switch/" + sId + "/group-features/json", success: function (data) { console.log(data); + + data.group_features = escapeAllStrings(data.group_features); + $("#capabilities").html(data.group_features["capabilities"]); $("#maxGroupsAll").html(data.group_features["max_groups_all"]); $("#maxGroupsSelect").html(data.group_features["max_groups_select"]); @@ -506,6 +532,8 @@ url: " http://" + ipaddress + ":" + restport + "/wm/core/switch/" + sId + "/aggregate/json", success: function (data) { + data.aggregate = escapeAllStrings(data.aggregate); + $(".version").html(data.aggregate["version"]); $("#flowCount").html(data.aggregate["flow_count"]); $("#packet_count").html(data.aggregate["packet_count"]);