This repository was archived by the owner on Apr 12, 2024. It is now read-only.
fix($sanitize): blacklist the usemap attribute
#14903
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gkalpak
force-pushed
the
fix-sanitize-blacklist-usemap
branch
from
39499ce to
ab86a94
Compare
|
LGTM |
|
Is this fix related to http://pivotal.io/security/cve-2016-0926? |
|
@attritionorg , I doubt it, since this is a backport of 234053f, which has been fixed since January 22, 2016. |
gkalpak
force-pushed
the
fix-sanitize-blacklist-usemap
branch
2 times, most recently
from
9663574 to
bcbba15
Compare
… a security exploit Backport of 234053f. BREAKING CHANGE: The `$sanitize` service will now remove instances of the `usemap` attribute from any elements passed to it. This attribute is used to reference another element by `name` or `id`. Since the `name` and `id` attributes are already blacklisted, a sanitized `usemap` attribute could only reference unsanitized content, which is a security risk.
gkalpak
force-pushed
the
fix-sanitize-blacklist-usemap
branch
2 times, most recently
from
f816828 to
ebce5b0
Compare
gkalpak
force-pushed
the
fix-sanitize-blacklist-usemap
branch
from
ebce5b0 to
9f63bb4
Compare
gkalpak
added a commit
that referenced
this pull request
Jul 13, 2016
… a security exploit Backport of 234053f. Closes #14903 BREAKING CHANGE: The `$sanitize` service will now remove instances of the `usemap` attribute from any elements passed to it. This attribute is used to reference another element by `name` or `id`. Since the `name` and `id` attributes are already blacklisted, a sanitized `usemap` attribute could only reference unsanitized content, which is a security risk.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of 234053f.
BREAKING CHANGE:
The
$sanitizeservice will now remove instances of theusemapattribute from any elements passed to it.This attribute is used to reference another element by
nameorid. Since thenameandidattributes are already blacklisted, a sanitizedusemapattribute could only reference unsanitized content, which is a security risk.