From aec02346e4507614f0e42d3642f3d36272772b3f Mon Sep 17 00:00:00 2001
From: Yu <yu@chatopera.com>
Date: Wed, 17 Nov 2021 10:35:05 +0800
Subject: [PATCH] Fix Enterprise Chat XSS #495

---
 .../templates/apps/entim/group/index.pug          | 15 ++++++++++++++-
 .../main/resources/templates/apps/entim/index.pug | 15 ++++++++++++++-
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/contact-center/app/src/main/resources/templates/apps/entim/group/index.pug b/contact-center/app/src/main/resources/templates/apps/entim/group/index.pug
index edfbf318..ce06b6bf 100644
--- a/contact-center/app/src/main/resources/templates/apps/entim/group/index.pug
+++ b/contact-center/app/src/main/resources/templates/apps/entim/group/index.pug
@@ -203,11 +203,24 @@ block content
                 openchat('/ent/im/chat.html?userid=' + id, '/images/user-pc.png', uname, user.id, '最近登陆:' + lastlogintime)
             }
         }
+        function escapeHtml (str) {
+            if (typeof str == 'string') {
+                return str.replace(/<|&|>/g, function (matches) {
+                    return ({
+                        '<': '&lt;',
+                        '>': '&gt;',
+                        '&': '&amp;'
+                    })[matches];
+                });
+            }
+
+            return '';
+        }
         function openchat(url, img, name, id, text) {
             top.layer.open({
                 type: 2,
                 id: id,
-                title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + name + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
+                title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + escapeHtml(name) + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
                 closeBtn: 1, //不显示关闭按钮
                 shade: false,
                 area: ['700px', '520px'],
diff --git a/contact-center/app/src/main/resources/templates/apps/entim/index.pug b/contact-center/app/src/main/resources/templates/apps/entim/index.pug
index b1eabfc1..8f1fb469 100644
--- a/contact-center/app/src/main/resources/templates/apps/entim/index.pug
+++ b/contact-center/app/src/main/resources/templates/apps/entim/index.pug
@@ -164,11 +164,24 @@ block content
                 , shade: 0 //不显示遮罩
             });
         }
+        function escapeHtml (str) {
+            if (typeof str == 'string') {
+                return str.replace(/<|&|>/g, function (matches) {
+                    return ({
+                        '<': '&lt;',
+                        '>': '&gt;',
+                        '&': '&amp;'
+                    })[matches];
+                });
+            }
+
+            return '';
+        }
         function openchat(url, img, name, id, text) {
             top.layer.open({
                 type: 2,
                 id: id,
-                title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + name + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
+                title: ["<div style='position: relative;height: 42px;padding: 5px 15px 5px 0px;line-height: 20px;cursor: pointer;display: inline-block;vertical-align: top;' id='dialog_" + id + "'><img src='" + img + "' style='max-height:50px;'><div style='padding:0px 5px;line-height: 23px;display: inline-block;vertical-align: top;'><span style='vertical-align: top;font-size:18px;'>" + escapeHtml(name) + "<span class='ukefu-entim-status offline' id='chat_" + id + "' title='离线'><i class='layui-icon'></i></span></span><p style='vertical-align: top;font-size: 12px;color: #999;'>" + text + "</p></div></div>", "height:55px"],
                 closeBtn: 1, //不显示关闭按钮
                 shade: false,
                 area: ['700px', '520px'],