The new Foxhound version introduced tainted strings as part of DOM node elements (in case `innerHTML` and similar lead to DOM parsing). It seems that tainted strings are only propagated into attribute values, but there are other node types which would require string propagation, e.g., comment/text/CDATA nodes, but also regular element nodes where the tag name and attribute keys might be determined by tainted strings.
Example for an unrecognized flow of a comment node into the sink `element.after` via `innerHTML`: `templateElement.innerHTML = '<div id="abc"><!-- Data for TAINTED --></div>'`
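A way to check which parsed-node strings lose taint, as an added example that is not part of the original issue or Foxhound's own code: it walks a parsed subtree and lists every string slot the issue names (tag name, attribute names and values, comment/text/CDATA data) that carries no taint. It assumes Foxhound exposes taint ranges through a `.taint` property on strings; `isTainted`, `stringSlots`, `untaintedSlots` and `sampleTree` are hypothetical names, and `sampleTree` is a constructed stand-in for the issue's markup.

```javascript
// Added diagnostic, not Foxhound code. Assumption: a tainted string exposes a
// non-empty `.taint` array of ranges; in other engines `.taint` is undefined.
const NODE = { ELEMENT: 1, TEXT: 3, CDATA: 4, COMMENT: 8 };

function isTainted(s) {
  return Boolean(s && s.taint && s.taint.length > 0);
}

// List every string slot of a parsed subtree that can hold input-derived data.
function stringSlots(node, path = "") {
  const slots = [];
  const here = `${path}/${node.nodeName}`;
  switch (node.nodeType) {
    case NODE.ELEMENT:
      slots.push({ where: `${here} tagName`, value: node.localName });
      for (const attr of Array.from(node.attributes || [])) {
        slots.push({ where: `${here} @${attr.name} (name)`, value: attr.name });
        slots.push({ where: `${here} @${attr.name} (value)`, value: attr.value });
      }
      break;
    case NODE.TEXT:
    case NODE.CDATA:
    case NODE.COMMENT:
      slots.push({ where: `${here} data`, value: node.data });
      break;
  }
  // Fragments and documents have no slot of their own; only descend.
  for (const child of Array.from(node.childNodes || [])) {
    slots.push(...stringSlots(child, here));
  }
  return slots;
}

// Slots whose string carries no taint: candidates for a lost flow.
function untaintedSlots(root) {
  return stringSlots(root).filter((s) => !isTainted(s.value)).map((s) => s.where);
}

// Constructed stand-in for templateElement.content after the issue's assignment,
// so the walker also runs outside a browser.
const sampleTree = {
  nodeType: 11, nodeName: "#document-fragment", childNodes: [{
    nodeType: 1, nodeName: "DIV", localName: "div",
    attributes: [{ name: "id", value: "abc" }],
    childNodes: [{ nodeType: 8, nodeName: "#comment", data: " Data for TAINTED ", childNodes: [] }],
  }],
};
```

In a taint-tracking build, calling `untaintedSlots(templateElement.content)` after assigning a tainted string to `innerHTML` should return an empty list once every node type propagates taint.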