From d8bb9c055a3fcc15dfc92ea8238b4c26bf71f55c Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Mon, 2 May 2022 16:50:14 -0700
Subject: Configurable API sanitization
---
 src/main/java/org/traccar/config/Keys.java | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/main/java/org/traccar/config')
diff --git a/src/main/java/org/traccar/config/Keys.java b/src/main/java/org/traccar/config/Keys.java
index dc6bcbec9..f5299b90b 100644
--- a/src/main/java/org/traccar/config/Keys.java
+++ b/src/main/java/org/traccar/config/Keys.java
@@ -552,6 +552,14 @@ public final class Keys {
 "web.port",
 Collections.singletonList(KeyType.GLOBAL));
 
+ /**
+ * Sanitize all strings returned via API. This is needed to fix XSS issues in the old web interface. New React-based
+ * interface doesn't require this.
+ */
+ public static final ConfigKey WEB_SANITIZE = new ConfigKey<>(
+ "web.sanitize",
+ Collections.singletonList(KeyType.GLOBAL));
+
 /**
 * Path to the web app folder.
 */
-- 
cgit v1.2.3
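Review bot: The Javadoc on `WEB_SANITIZE` does not say what an unset `web.sanitize` means, and the declaration passes no default value, so an operator cannot tell from the key whether the XSS mitigation is on or off after upgrading. The code that reads the key is outside this patch view; if a missing value is treated as false, servers that still serve the old web interface would silently lose sanitization until the key is set. If that is the behaviour, I would add a Javadoc line such as `* Disabled unless set to true; enable it on any server that still serves the old web interface.`, or have the absent case resolve to sanitizing while that interface is still shipped. The declaration also reads as a raw `ConfigKey` on this page, which may be an extraction artifact of `ConfigKey<Boolean>` and is worth confirming against the file.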