Enhance a performance and security in PR

Namhyeon Go 2025-03-19 15:48:12 +09:00
parent e2c9169121
commit 4e78905bbc
2 changed files with 16 additions and 10 deletions


@ -72,7 +72,7 @@ namespace WelsonJS.Launcher
{
try
{
ProcessRequest(await _listener.GetContextAsync());
await ProcessRequest(await _listener.GetContextAsync());
}
catch (Exception ex)
{
@ -82,7 +82,7 @@ namespace WelsonJS.Launcher
}
}
private void ProcessRequest(HttpListenerContext context)
private async Task ProcessRequest(HttpListenerContext context)
{
string path = context.Request.Url.AbsolutePath.TrimStart('/');
@ -105,7 +105,7 @@ namespace WelsonJS.Launcher
const string devtoolsPrefix = "devtools/";
if (path.StartsWith(devtoolsPrefix, StringComparison.OrdinalIgnoreCase))
{
ServeDevTools(context, path.Substring(devtoolsPrefix.Length - 1)).GetAwaiter().GetResult(); ;
await ServeDevTools(context, path.Substring(devtoolsPrefix.Length - 1));
return;
}
@ -113,7 +113,7 @@ namespace WelsonJS.Launcher
const string whoisPrefix = "whois/";
if (path.StartsWith(whoisPrefix, StringComparison.OrdinalIgnoreCase))
{
ServeWhoisRequest(context, path.Substring(whoisPrefix.Length)).GetAwaiter().GetResult();
await ServeWhoisRequest(context, path.Substring(whoisPrefix.Length));
return;
}
@ -176,13 +176,21 @@ namespace WelsonJS.Launcher
private async Task ServeWhoisRequest(HttpListenerContext context, string query)
{
if (string.IsNullOrWhiteSpace(query) || query.Length > 255)
{
ServeResource(context, "<error>Invalid query parameter</error>", "application/xml", 400);
return;
}
string whoisServerUrl = "https://xn--c79as89aj0e29b77z.xn--3e0b707e";
using (var client = new HttpClient())
{
client.Timeout = TimeSpan.FromSeconds(10);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, $"{whoisServerUrl}/kor/whois.jsc")
{
Content = new StringContent($"query={query}&ip=141.101.82.1", Encoding.UTF8, "application/x-www-form-urlencoded")
Content = new StringContent($"query={Uri.EscapeDataString(query)}&ip=141.101.82.1", Encoding.UTF8, "application/x-www-form-urlencoded")
};
request.Headers.Add("Accept", "*/*");
@ -194,7 +202,7 @@ namespace WelsonJS.Launcher
HttpResponseMessage response = await client.SendAsync(request);
string responseBody = await response.Content.ReadAsStringAsync();
ServeResource(context, responseBody, "text/html", (int)response.StatusCode);
ServeResource(context, responseBody, "text/plain", (int)response.StatusCode);
}
catch (Exception ex)
{
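Review bot: The guard added at the top of ServeWhoisRequest checks only emptiness and length, so any character sequence of up to 255 characters is still forwarded to the upstream WHOIS service. The value is cut from `context.Request.Url.AbsolutePath`, which is already percent-encoded, so `Uri.EscapeDataString(query)` will encode existing `%` escapes a second time. Decoding once with `query = Uri.UnescapeDataString(query);` and then rejecting anything outside a hostname/IP character set (letters, digits, `.`, `-`, `:`) would make the check match what a lookup actually accepts. Separately, `new HttpClient()` is still created per request, and the listener code in the first hunk appears to await each ProcessRequest before the next `GetContextAsync()`, so one slow upstream call (up to the 10-second timeout) holds every other request; a shared static client and a comment stating the intended concurrency would help. The method bodies continue outside the visible hunks.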


@ -87,6 +87,7 @@
</script>
<script src="https://unpkg.com/axios/dist/axios.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/fast-xml-parser/4.5.1/fxparser.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/3.2.4/purify.min.js"></script>
<script src="https://cdn.metroui.org.ua/dev/metro.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/monaco-editor/0.52.2/min/vs/loader.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/monaco-editor/0.52.2/min/vs/editor/editor.main.js"></script>
@ -266,10 +267,7 @@
}
axios.get(`${serverBaseUrl}/whois/${hostname}`).then(response => {
const responseText = response.data
.replace(/<script[^>]*>[\s\S]*?<\/script>/gi, '')
.replace(/<\/?[^>]+(>|$)/g, '')
.replace(/^[\r\n]+|[\r\n]+$/g, '');
const responseText = DOMPurify.sanitize(response.data, { ALLOWED_TAGS: [], ALLOWED_ATTR: [] });
appendTextToEditor(`/*\n${responseText}\n*/`);
}).catch(error => {
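Review bot: The sanitized text is still wrapped as `/*\n${responseText}\n*/` in the last hunk, and stripping tags does not remove a `*/` sequence, so a WHOIS response containing one would end the comment early in the editor; neutralising it before the append, e.g. `responseText.replace(/\*\//g, '* /')`, closes that gap. DOMPurify.sanitize returns serialized HTML, so with the endpoint now sending text/plain, characters such as `&` and `<` in a record may come back as entities or be dropped as markup, and the old trimming of leading and trailing newlines is no longer applied (`.trim()` would restore it). The new purify.min.js `<script>` tag in the first hunk is version-pinned but has no `integrity`/`crossorigin` attributes, which matters more now that the sanitizer itself is loaded from the CDN. `hostname` is also interpolated into the request URL unencoded; `encodeURIComponent(hostname)` would keep it inside one path segment. The `.then`/`.catch` chain continues outside the hunk.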