From cea848dec4489c13376a00d5573c11129e7c3733 Mon Sep 17 00:00:00 2001
From: Max <max@blenk.xyz>
Date: Wed, 3 Oct 2018 19:29:46 +0200
Subject: [PATCH] Fix XSS-Vulnerability in configuration page

Add HTML entity encoding to the SSID of networks that can be found
using the "Scan for wifi networks" function of the configuration
page.
---
 sonoff/xdrv_02_webserver.ino | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/sonoff/xdrv_02_webserver.ino b/sonoff/xdrv_02_webserver.ino
index 6a939dc24..86472b27c 100644
--- a/sonoff/xdrv_02_webserver.ino
+++ b/sonoff/xdrv_02_webserver.ino
@@ -789,6 +789,17 @@ void HandleWifiConfiguration()
   HandleWifi(false);
 }
 
+String htmlEscape(String s)
+{
+    s.replace("&", "&amp;");
+    s.replace("<", "&lt;");
+    s.replace(">", "&gt;");
+    s.replace("\"", "&quot;");
+    s.replace("'", "&#x27;");
+    s.replace("/", "&#x2F;");
+    return s;
+}
+
 void HandleWifi(boolean scan)
 {
   if (HttpUser()) { return; }
@@ -854,7 +865,7 @@ void HandleWifi(boolean scan)
           String item = FPSTR(HTTP_LNK_ITEM);
           String rssiQ;
           rssiQ += quality;
-          item.replace(F("{v}"), WiFi.SSID(indices[i]));
+          item.replace(F("{v}"), htmlEscape(WiFi.SSID(indices[i])));
           item.replace(F("{w}"), String(WiFi.channel(indices[i])));
           item.replace(F("{r}"), rssiQ);
           uint8_t auth = WiFi.encryptionType(indices[i]);