From a119c58279d4b1dcb87bd996917e045cf3d3783d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Filip=20Kaln=C3=BD?=
 <41711263+totalolage@users.noreply.github.com>
Date: Sun, 9 Mar 2025 02:36:48 +0100
Subject: [PATCH] Prevent code injection from downloaded keybox file (#23)

* add sanitization of arbitrary keybox content
---
 module/webui/scripts/menu_option.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/module/webui/scripts/menu_option.js b/module/webui/scripts/menu_option.js
index 9d9b7b5..ef5bc6b 100644
--- a/module/webui/scripts/menu_option.js
+++ b/module/webui/scripts/menu_option.js
@@ -175,10 +175,11 @@ export async function setupSystemAppMenu() {
 
 // Function to backup previous keybox and set new keybox
 async function setKeybox(content) {
+    const sanitizedContent = content.replace(/'/g, "'\\''");
     try {
         await execCommand(`
             mv -f /data/adb/tricky_store/keybox.xml /data/adb/tricky_store/keybox.xml.bak 2>/dev/null
-            echo '${content}' > /data/adb/tricky_store/keybox.xml
+            echo '${sanitizedContent}' > /data/adb/tricky_store/keybox.xml
             chmod 644 /data/adb/tricky_store/keybox.xml
             `);
         return true;