Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

linky has security issue as it uses unsafeHTML filter #34

Closed
mhevery opened this issue Oct 1, 2010 · 1 comment
Closed

linky has security issue as it uses unsafeHTML filter #34

mhevery opened this issue Oct 1, 2010 · 1 comment

Comments

@mhevery
Copy link
Contributor

mhevery commented Oct 1, 2010

  1. The linky filter (http://angularjs.org/Filter:linky) is vulnerable to XSS, http://www.google.com/<script>location=name</script>/
@mhevery
Copy link
Contributor Author

mhevery commented Oct 26, 2010

create HTML sanitizer to allow inclusion of untrusted HTML in safe manner.

Sanitization works in two phases:

  1. We parse the HTML into sax-like events (start, end, chars).
    HTML parsing is very complex, and so it may very well be that what
    most browser consider valid HTML may not pares properly here,
    but we do best effort. We treat this parser as untrusted.
  2. We have safe sanitizeWriter which treats its input (start, end, chars)
    as untrusted content and escapes everything. It only allows elements
    in the whitelist and only allows attributes which are whitelisted.
    Any attribute value must not start with 'javascript:'. This check
    is performed after escaping for entity (&xAB; etc..) and ignoring
    any whitespace.
  • Correct linky filter to use safeHtmlWriter
  • Correct html filter to use safeHtmlWriter

Closed by 6c8107b4305a6684794f7a531ff1362b71dbc5ae; Closed by 6c8107b4305a6684794f7a531ff1362b71dbc5ae

@SylwesterKogowski SylwesterKogowski mentioned this issue Oct 29, 2016
Closed
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mhevery