HTML sanitizer bypass #388

shhnjk · 2020-03-05T00:09:48Z

Describe the bug
HTML sanitizer in RoosterJS can be bypassed.

To Reproduce
Steps to reproduce the behavior:

Go to https://microsoft.github.io/roosterjs/index.html
Click on show side pane
Click on API Playground
Select HTML sanitizer
Add following to the input

<a href="javascript
:alert(1)">test</a>

Click on Sanitize button
JavaScript URL is still there

Expected behavior
Empty anchor tag

Device Information

OS: Windows 10
Browser: Chrome
Version: 80

The text was updated successfully, but these errors were encountered:

* Fix #388 (2nd try) * add test case * 7.0.6: Support types in roosterjs-cross-window * auto generate TargetWIndow type * export TargetWindow

shhnjk changed the title ~~XSS in sample site~~ HTML sanitizer bypass Mar 5, 2020

JiuqingSong added a commit that referenced this issue Mar 10, 2020

7.10.3: Fix #388, #380, #349

0f90011

JiuqingSong mentioned this issue Mar 10, 2020

7.10.3: Fix #388, #380, #349 #392

Merged

JiuqingSong closed this as completed in fca5075 Mar 11, 2020

JiuqingSong reopened this Mar 11, 2020

JiuqingSong added a commit that referenced this issue Mar 11, 2020

Fix #388 (2nd try)

15594c8

JiuqingSong closed this as completed in 4f6c9f1 Mar 11, 2020

JiuqingSong added a commit that referenced this issue Mar 12, 2020

7.0.6: Support more types for safeIntanceOf (#395)

726d610

* Fix #388 (2nd try) * add test case * 7.0.6: Support types in roosterjs-cross-window * auto generate TargetWIndow type * export TargetWindow

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

HTML sanitizer bypass #388

HTML sanitizer bypass #388

shhnjk commented Mar 5, 2020 •

edited

Loading

HTML sanitizer bypass #388

HTML sanitizer bypass #388

Comments

shhnjk commented Mar 5, 2020 • edited Loading

shhnjk commented Mar 5, 2020 •

edited

Loading