HTML-encode various dynamic content. Update IIS server install script.

Server/wwwroot/src/Main/Chat.ts

@@ -1,6 +1,7 @@
 import * as HubConnection from "./HubConnection.js";
 import { DataSource } from "./DataGrid.js";
 import { ShowMessage } from "../Shared/UI.js";
+import { EncodeForHTML } from "../Shared/Utilities.js";
 
 export function CreateChatWindow(deviceID: string, deviceName: string) {
     var chatWindow = document.getElementById("chat-" + deviceID);
@@ -59,10 +60,11 @@ export function CreateChatWindow(deviceID: string, deviceName: string) {
                 if (!inputText) {
                     return;
                 }
+                var encodedText = EncodeForHTML(inputText);
                 (chatWindow.querySelector(".chat-messages") as HTMLDivElement).innerHTML += `
                     <div>
                         <span class="text-secondary font-weight-bold">You: </span>
-                        <span>${inputText}</span>
+                        <span>${encodedText}</span>
                     </div>
                 `;
                 (ev.currentTarget as HTMLTextAreaElement).value = "";

Server/wwwroot/src/Main/Commands/WebCommands.ts

@@ -7,6 +7,7 @@ import { MainApp } from "../App.js";
 import * as DataGrid from "../DataGrid.js";
 import { AddConsoleHTML, AddConsoleOutput, AddTransferHarness } from "../Console.js";
 import { GetSelectedDevices } from "../DataGrid.js";
+import { EncodeForHTML } from "../../Shared/Utilities.js";
 
 
 var commands: Array<ConsoleCommand> = [
@@ -242,17 +243,17 @@ var commands: Array<ConsoleCommand> = [
                         <td>${String(x.IsOnline)
                                 .replace("true", "<span class='fa fa-check-circle'></span>")
                                 .replace("false", "<span class='fa fa-times'></span>")}</td>
-                        <td>${x.DeviceName}</td>
-                        <td>${x.Alias}</td>
-                        <td>${x.CurrentUser}</td>
+                        <td>${EncodeForHTML(x.DeviceName)}</td>
+                        <td>${EncodeForHTML(x.Alias)}</td>
+                        <td>${EncodeForHTML(x.CurrentUser)}</td>
                         <td>${new Date(x.LastOnline).toLocaleString()}</td>
-                        <td>${x.Platform}</td>
-                        <td>${x.OSDescription}</td>
+                        <td>${EncodeForHTML(x.Platform)}</td>
+                        <td>${EncodeForHTML(x.OSDescription)}</td>
                         <td>${Math.round(x.UsedStorage / x.TotalStorage * 100)}%</td>
-                        <td>${x.TotalStorage.toLocaleString()}</td>
+                        <td>${EncodeForHTML(x.TotalStorage.toLocaleString())}</td>
                         <td>${Math.round(x.UsedMemory / x.TotalMemory * 100)}%</td>
-                        <td>${x.TotalMemory.toLocaleString()}</td>
-                        <td>${x.Tags || ""}</td>
+                        <td>${EncodeForHTML(x.TotalMemory.toLocaleString())}</td>
+                        <td>${EncodeForHTML(x.Tags || "")}</td>
                         </tr>`
             });
             output += deviceList.join("");

Server/wwwroot/src/Main/DataGrid.ts

@@ -4,6 +4,7 @@ import { CreateChatWindow } from "./Chat.js";
 import * as HubConnection from "./HubConnection.js"
 import { ShowModal } from "../Shared/UI.js";
 import { Device } from "../Shared/Models/Device.js";
+import { EncodeForHTML } from "../Shared/Utilities.js";
 
 export const DataSource: Array<Device> = new Array<Device>();
 export const FilteredDevices: Array<Device> = new Array<Device>();
@@ -128,18 +129,18 @@ export function RenderDeviceRows() {
                                 "<span class='fa fa-times'></span>"
                         }
                     </td>
-                    <td>${device.DeviceName}</td>
-                    <td>${device.Alias || ""}</td>
-                    <td>${device.CurrentUser}</td>
+                    <td>${EncodeForHTML(device.DeviceName)}</td>
+                    <td>${EncodeForHTML(device.Alias) || ""}</td>
+                    <td>${EncodeForHTML(device.CurrentUser)}</td>
                     <td>${new Date(device.LastOnline).toLocaleString()}</td>
-                    <td>${device.PublicIP}</td>
-                    <td>${device.Platform}</td>
-                    <td>${device.OSDescription}</td>
+                    <td>${EncodeForHTML(device.PublicIP)}</td>
+                    <td>${EncodeForHTML(device.Platform)}</td>
+                    <td>${EncodeForHTML(device.OSDescription)}</td>
                     <td>${Math.round(device.CpuUtilization * 100)}%</td>
                     <td>${Math.round(device.UsedStorage / device.TotalStorage * 100)}%</td>
-                    <td>${device.TotalStorage.toLocaleString()}</td>
+                    <td>${EncodeForHTML(device.TotalStorage.toLocaleString())}</td>
                     <td>${Math.round(device.UsedMemory / device.TotalMemory * 100)}%</td>
-                    <td>${device.TotalMemory.toLocaleString()}</td>
+                    <td>${EncodeForHTML(device.TotalMemory.toLocaleString())}</td>
                     <td style="white-space: nowrap">
                         <i class="fas fa-comment device-chat-button mr-2" title="Chat" style="font-size:1.5em"></i>
                         <i class="fas fa-mouse device-remotecontrol-button mr-2" title="Remote Control" style="font-size:1.5em"></i>
@@ -155,7 +156,7 @@ export function RenderDeviceRows() {
         (recordRow.querySelector(".device-chat-button") as HTMLButtonElement).onclick = (ev) => {
             ev.preventDefault();
             ev.stopPropagation();
-            CreateChatWindow(device.ID, device.DeviceName);
+            CreateChatWindow(device.ID, EncodeForHTML(device.DeviceName));
         };
         (recordRow.querySelector(".device-remotecontrol-button") as HTMLButtonElement).onclick = (ev) => {
             ev.preventDefault();

Server/wwwroot/src/Main/HubConnection.ts

@@ -10,6 +10,7 @@ import { MainApp } from "./App.js";
 import { AddConsoleOutput, AddConsoleHTML } from "./Console.js";
 import { ReceiveChatText } from "./Chat.js";
 import { ShowMessage, ShowModal } from "../Shared/UI.js";
+import { EncodeForHTML } from "../Shared/Utilities.js";
 
 
 export var Connection: any;
@@ -43,14 +44,15 @@ export function Connect() {
 
 function applyMessageHandlers(hubConnection) {
     hubConnection.on("Chat", (deviceID: string, deviceName: string, message: string, disconnected: boolean) => {
+        var encodedMessage = EncodeForHTML(message);
         if (disconnected) {
             AddConsoleHTML(`<span class="text-info font-italic">${deviceName} disconnected from chat.</span>`);
         }
         else if (message) {
-            AddConsoleHTML(`<span class="text-info font-weight-bold">Chat from ${deviceName}</span>: ${message}`);
+            AddConsoleHTML(`<span class="text-info font-weight-bold">Chat from ${deviceName}</span>: ${encodedMessage}`);
         }
 
-        ReceiveChatText(deviceID, deviceName, message, disconnected);
+        ReceiveChatText(deviceID, deviceName, encodedMessage, disconnected);
     });
     hubConnection.on("UserOptions", (options: UserOptions) => {
         MainApp.UserSettings.CommandModeShortcuts.Web = options.CommandModeShortcutWeb;

Utilities/Install-RemotelyServer.ps1

@@ -372,8 +372,10 @@ Start-Website -Name $SiteName
 
 
 ### SSL certificate installation. ###
-if ($WacsPath -ne $null -and (Test-Path -Path $WacsPath)) {
-    &"$WacsPath" --target iis --siteid (Get-Website -Name $SiteName).ID --installation iis --emailaddress $EmailAddress --accepttos 
+if ($WacsPath) {
+    if (Test-Path -Path $WacsPath) {
+        &"$WacsPath" --target iis --siteid (Get-Website -Name $SiteName).ID --installation iis --emailaddress $EmailAddress --accepttos 
+    }
 }
 
 Wrap-Host