Jsahleen has uploaded a new change for review.
https://gerrit.wikimedia.org/r/183743
Change subject: Security: Prevent XSS (cxserver)
......................................................................
Security: Prevent XSS (cxserver)
* Machine translation responses are now sent as JSON
* '<', '>' and '"' are replaced with html entities
* Must be merged together with the corresponding patch for ContentTranslation
Bug: T85686
Change-Id: Ibb2406c8ff5433ff7a046d7524ea07ed47616b2d
---
M ContentTranslationService.js
1 file changed, 41 insertions(+), 11 deletions(-)
diff --git a/ContentTranslationService.js b/ContentTranslationService.js
index ad27e7f..fdb6135 100644
--- a/ContentTranslationService.js
+++ b/ContentTranslationService.js
@@ -61,12 +61,18 @@
function ( response ) {
var segmenter, segmentedContent;
try {
- logger.profile( 'Fetch page', { title: title,
sourceLanguage: sourceLanguage } );
+ logger.profile( 'Fetch page', {
+ title: title,
+ sourceLanguage: sourceLanguage
+ } );
logger.profile( 'Segment page' );
segmenter = new CXSegmenter( response.body,
sourceLanguage );
segmenter.segment();
segmentedContent =
segmenter.getSegmentedContent();
- logger.profile( 'Segment page', { title: title,
sourceLanguage: sourceLanguage } );
+ logger.profile( 'Segment page', {
+ title: title,
+ sourceLanguage: sourceLanguage
+ } );
} catch ( error ) {
res.send( 500, {
error: '' + error
@@ -92,7 +98,9 @@
} );
app.get( '/mt/:from/:to/:provider?', function ( req, res ) {
- res.send( 405, { error: 'Request must be posted' } );
+ res.send( 405, {
+ error: 'Request must be posted'
+ } );
} );
app.post( '/mt/:from/:to/:provider?', function ( req, res ) {
@@ -104,15 +112,19 @@
provider = registry.getValidProvider( from, to, 'mt',
req.params.provider );
if ( !provider ) {
- res.send( 404, { error: 'Provider not supported' } );
+ res.send( 404, {
+ error: 'Provider not supported'
+ } );
logger.info( 'MT provider invalid or missing' );
return;
}
mtClients = require( __dirname + '/mt/' );
- if ( mtClients[provider] === undefined ) {
- res.send( 500, { error: 'Provider not found' } );
+ if ( mtClients[ provider ] === undefined ) {
+ res.send( 500, {
+ error: 'Provider not found'
+ } );
logger.error( 'Configured provider ' + provider + ' was not
found' );
return;
}
@@ -126,7 +138,9 @@
reqLength += data.length;
if ( reqLength > 50000 ) {
// Too long
- res.send( 413, { error: 'Content too long' } );
+ res.send( 413, {
+ error: 'Content too long'
+ } );
logger.error( 'MT content too long' );
return;
}
@@ -139,11 +153,23 @@
logger.profile( 'MT' );
mtClient.translate( from, to, sourceHtml ).then(
function ( data ) {
- res.send( data );
- logger.profile( 'MT', { from: from, to: to } );
+ // Prevent XSS
+ data = data
+ .replace( /</g, '<' )
+ .replace( />/g, '>' )
+ .replace( /"/g, '"' );
+ res.json( {
+ contents: data
+ } );
+ logger.profile( 'MT', {
+ from: from,
+ to: to
+ } );
},
function ( error ) {
- res.send( 500, { error: error } );
+ res.send( 500, {
+ error: error
+ } );
logger.log( 'error', 'MT processing error:
(%s)', error.toString() );
}
);
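Review bot: The escaping added after `// Prevent XSS` covers only `<`, `>` and `"`; `&` is left alone, so the transform is not reversible (a literal `&lt;` in provider output becomes indistinguishable from an escaped `<` once the ContentTranslation side decodes it) and `'` stays unescaped for single-quoted attribute contexts. If HTML escaping is the intent, add `.replace( /&/g, '&amp;' )` as the first step of the chain; if the aim is only to stop the payload being rendered as a page, `res.json()` already sets `application/json`, and a comment should state which purpose the substitution serves (as rendered here the replacement strings appear identical to the matched characters, presumably `&lt;`/`&gt;`/`&quot;` lost in mail rendering — confirm against the patch itself). The chain also assumes the provider resolves with a string; a non-string value would throw inside the fulfilment callback, which the sibling rejection handler does not catch, so the request would never receive a response. The dictionary endpoint's `res.send( data )` further down still returns provider output unwrapped, if the same exposure applies there. The enclosing app.post handler starts and ends outside this hunk.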
@@ -172,7 +198,11 @@
dictClient.getTranslations( word, from, to ).then(
function ( data ) {
res.send( data );
- logger.profile( 'Dictionary lookup', { word: word,
from: from, to: to } );
+ logger.profile( 'Dictionary lookup', {
+ word: word,
+ from: from,
+ to: to
+ } );
},
function ( error ) {
res.send( 500, {
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibb2406c8ff5433ff7a046d7524ea07ed47616b2d
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/services/cxserver
Gerrit-Branch: master
Gerrit-Owner: Jsahleen <[email protected]>