Description
In the current implementation of ServerQuery, the guild_id is included directly in HTTP responses without being sanitized first. While guild_id is normally provided by the Discord API and not user-inputted, it is read from the URL path of the request, so a caller could set it to an arbitrary value.
This could pose a potential risk for reflected Cross-Site Scripting (XSS) attacks, where an attacker tricks a user into clicking a malicious link that includes a script in the guild_id.
To resolve this issue, we need to sanitize guild_id before including it in HTTP responses. This can be done using a library such as escape-html or validator.
Steps to Reproduce:
- Make a GET request to the /api/get/bot/:guild_id/servers endpoint with an invalid guild_id.
- Observe the HTTP response. (In this case it seems that the guild_id is being sanitized and converted to a string, but to be doubly sure, I want to add sanitization to all endpoint variables, just in case.)
Expected Outcome:
The guild_id in the HTTP response should be sanitized and not pose any risk for XSS attacks.
Actual Outcome:
The guild_id is included directly in the HTTP response without being sanitized, potentially posing a risk for XSS attacks.
Suggested Fix:
Use a library like escape-html to sanitize guild_id before including it in HTTP responses.
Relevant Example Code Snippet:
See getRoutes.js
```javascript
const express = require('express');
const router = express.Router();

router.get('/:guild_id/servers', function (req, res) {
  const { guild_id } = req.params; // taken straight from the URL path, no validation
  // ... look up servers for guild_id ...
  // guild_id is interpolated into the body unescaped; res.send() of a string
  // defaults to Content-Type text/html, so the reflected value is rendered as markup
  res.status(404).send(`No servers found for guild ID: ${guild_id}`);
  // ...
});

module.exports = router;
```
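For comparison, here is an added example of how the hardened route could look. It is not ServerQuery's own code: it assumes an Express `router` is passed in, a hypothetical `lookupServers(guildId)` that resolves to an array, and a small inline `escapeHtml` standing in for the escape-html package the suggested fix names. It validates `guild_id` as a Discord snowflake (digits only) before any lookup, and escapes the value before it is reflected into the 404 body; the response logic is kept in a pure function so it can be tested without starting a server.

```javascript
// Added example (not ServerQuery's own code): hardened /:guild_id/servers handler.
// Assumptions: an Express router is passed to registerRoute, and
// lookupServers(guildId) is a hypothetical async function returning an array.

// Discord guild IDs are snowflakes: decimal digit strings. The 17-20 digit
// bound is an assumption about current ID lengths; widen it if IDs grow.
const GUILD_ID_RE = /^\d{17,20}$/;

function isValidGuildId(value) {
  return typeof value === 'string' && GUILD_ID_RE.test(value);
}

// Minimal HTML escaper standing in for the escape-html package the issue
// suggests; covers the characters that matter in text and attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pure function that decides the response, so the logic is testable without
// spinning up Express. Returns { status, type, body }; `type` is an Express
// res.type() shorthand ('json', 'html').
function buildServersResponse(guildId, servers) {
  if (!isValidGuildId(guildId)) {
    // Reject anything that is not a snowflake before it reaches a lookup or a body.
    return { status: 400, type: 'json', body: JSON.stringify({ error: 'invalid guild_id' }) };
  }
  if (!servers || servers.length === 0) {
    // The body is sent as HTML (mirroring the original res.send of a string), so the
    // reflected value is escaped even though validation already limits it to digits.
    return { status: 404, type: 'html', body: `No servers found for guild ID: ${escapeHtml(guildId)}` };
  }
  return { status: 200, type: 'json', body: JSON.stringify({ guild_id: guildId, servers }) };
}

function registerRoute(router, lookupServers) {
  router.get('/:guild_id/servers', async (req, res) => {
    const { guild_id } = req.params;
    // Only hit the lookup when the ID is well-formed; an invalid ID gets a 400 directly.
    const servers = isValidGuildId(guild_id) ? await lookupServers(guild_id) : [];
    const out = buildServersResponse(guild_id, servers);
    res.status(out.status).type(out.type).send(out.body);
  });
}

module.exports = { isValidGuildId, escapeHtml, buildServersResponse, registerRoute };
```

Validation is the primary control here: once `guild_id` can only be a digit string, nothing in it can be interpreted as markup. The escape call is kept as defence in depth for the case where the 404 text is later reused with a value that is not validated as strictly; the same pattern (validate the shape, then escape at the point of reflection) applies to the other endpoint variables the issue wants covered.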