From 377d8e4b0650715e8ddd8dc3831cfa0e92add3a7 Mon Sep 17 00:00:00 2001 From: Sujit Kumar <60378235+therealsujitk@users.noreply.github.com> Date: Wed, 17 Jan 2024 15:04:51 +0530 Subject: [PATCH] Escape single quotes in login inputs (Fix #101) --- .../tk/therealsuji/vtopchennai/services/VTOPService.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/app/src/main/java/tk/therealsuji/vtopchennai/services/VTOPService.java b/app/src/main/java/tk/therealsuji/vtopchennai/services/VTOPService.java index 743000d..ae62e6a 100644 --- a/app/src/main/java/tk/therealsuji/vtopchennai/services/VTOPService.java +++ b/app/src/main/java/tk/therealsuji/vtopchennai/services/VTOPService.java @@ -489,11 +489,10 @@ public void signIn(final String captcha) { webView.evaluateJavascript("(function() {" + "if (typeof captchaInterval != 'undefined') clearInterval(captchaInterval);" + "if (typeof executeInterval != 'undefined') clearInterval(executeInterval);" + - "var credentials = 'uname=" + username + "&passwd=' + encodeURIComponent('" + password + "') + '&" + captcha + "';" + - "$('#vtopLoginForm [name=\"username\"]').val('" + username + "');" + - "$('#vtopLoginForm [name=\"password\"]').val('" + password + "');" + - "$('#vtopLoginForm [name=\"captchaStr\"]').val('" + captcha + "');" + - "$('#vtopLoginForm [name=\"gResponse\"]').val('" + captcha + "');" + + "$('#vtopLoginForm [name=\"username\"]').val('" + username.replaceAll("'", "\\\\'") + "');" + + "$('#vtopLoginForm [name=\"password\"]').val('" + password.replaceAll("'", "\\\\'") + "');" + + "$('#vtopLoginForm [name=\"captchaStr\"]').val('" + captcha.replaceAll("'", "\\\\'") + "');" + + "$('#vtopLoginForm [name=\"gResponse\"]').val('" + captcha.replaceAll("'", "\\\\'") + "');" + "var response = {" + " authorised: false," + " error_message: null," +