[fix] sanitize identifierauth.jsp and fido2-auth.jsp

wso2 · Jan 19, 2024 · 533192f · 533192f
1 parent 0b97a06
commit 533192f
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/.changeset/few-games-study.md b/.changeset/few-games-study.md
@@ -0,0 +1,5 @@
+---
+"@wso2is/identity-apps-core": patch
+---
+
+[fix] sanitize `identifierauth.jsp` and `fido2-auth.jsp`
diff --git a/identity-apps-core/apps/authentication-portal/src/main/webapp/fido2-auth.jsp b/identity-apps-core/apps/authentication-portal/src/main/webapp/fido2-auth.jsp
@@ -58,7 +58,7 @@
 %>
 
 <%
-    String authRequest = request.getParameter("data");
+    String authRequest = Encode.forUriComponent(request.getParameter("data"));
 
     Map data = ((AuthenticationRequestWrapper) request).getAuthParams();
     boolean enablePasskeyProgressiveEnrollment = (boolean) data.get("FIDO.EnablePasskeyProgressiveEnrollment");
@@ -169,20 +169,20 @@
                             </p>
                             <div class="mt-4">
                                 <div class="buttons">
-                                    <button class="ui primary fluid large button" type="button" onclick="retry()" 
+                                    <button class="ui primary fluid large button" type="button" onclick="retry()"
                                     data-testid="login-page-fido-retry-button">
                                         <%=AuthenticationEndpointUtil.i18n(resourceBundle, "fido.retry" )%>
                                     </button>
                                 </div>
                             </div>
                             <%
-                                String multiOptionURI = request.getParameter("multiOptionURI");
+                                String multiOptionURI = Encode.forUriComponent(request.getParameter("multiOptionURI"));
                                 if (multiOptionURI != null && AuthenticationEndpointUtil.isValidURL(multiOptionURI) &&
                                     isMultiAuthAvailable(multiOptionURI)) {
                             %>
                                 <div class="text-center mt-1">
-                                    <a 
-                                        class="ui primary basic button link-button" 
+                                    <a
+                                        class="ui primary basic button link-button"
                                         id="goBackLink"
                                         href='<%=Encode.forHtmlAttribute(multiOptionURI)%>'
                                     >
@@ -244,7 +244,7 @@
     <script type="text/javascript" src="libs/base64js/base64js-1.3.0.min.js"></script>
     <script type="text/javascript" src="libs/base64url.js"></script>
 
-    <% String clientId=request.getParameter("client_id"); %>
+    <% String clientId=Encode.forUriComponent(request.getParameter("client_id")); %>
 
     <script type="text/javascript">
         var insightsAppIdentifier = "<%=clientId%>";

diff --git a/identity-apps-core/apps/authentication-portal/src/main/webapp/identifierauth.jsp b/identity-apps-core/apps/authentication-portal/src/main/webapp/identifierauth.jsp
@@ -104,8 +104,8 @@
 %>
 
 <%
-    String clientId = request.getParameter("client_id");
-    String sp = request.getParameter("sp");
+    String clientId = Encode.forUriComponent(request.getParameter("client_id"));
+    String sp = Encode.forUriComponent(request.getParameter("sp"));
     String spId = "";
     boolean isFederatedOptionsAvailable = false;
     boolean isMagicLink = false;
@@ -179,7 +179,7 @@
     trackEvent("page-visit-authentication-portal-identifierauth", {
         "app": insightsAppIdentifier,
         "tenant": insightsTenantIdentifier !== "null" ? insightsTenantIdentifier : ""
-    });     
+    });
 
     function submitIdentifier (e) {
         e.preventDefault();
@@ -251,7 +251,7 @@
     <div class="ui visible negative message" id="error-msg">
         <%= AuthenticationEndpointUtil.i18n(resourceBundle, Encode.forJava(errorMessage)) %>
     </div>
-    <% } else if ((Boolean.TRUE.toString()).equals(request.getParameter("authz_failure"))) { %>
+    <% } else if ((Boolean.TRUE.toString()).equals(Encode.forUriComponent(request.getParameter("authz_failure")))) { %>
     <div class="ui visible negative message" id="error-msg">
         <%=AuthenticationEndpointUtil.i18n(resourceBundle, "unauthorized.to.login")%>
     </div>
@@ -323,7 +323,7 @@
     <div class="ui divider hidden"></div>
     <div class="align-center">
         <%
-            String multiOptionURI = request.getParameter("multiOptionURI");
+            String multiOptionURI = Encode.forUriComponent(request.getParameter("multiOptionURI"));
             if (multiOptionURI != null && AuthenticationEndpointUtil.isValidURL(multiOptionURI) &&
             isMultiAuthAvailable(multiOptionURI)) {
         %>