This repository has been archived by the owner on Jul 15, 2019. It is now read-only.

vulnerability found in auto double quoting feature. #17

Open
adon-at-work opened this issue Jul 28, 2015 · 5 comments

@adon-at-work
Contributor

<img src="x" id='" onerror="alert(1)' />
It's not vulnerable itself, but after purification it becomes
<img src="x" id="" onerror="alert(1)" />
This boils down to the problem of always using double quotes in html purifier since v1.0:
https://github.com/yahoo/html-purify/blob/v1.0.0/src/html-purify.js#L66

Reported here as recommended by @yukinying.
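
The re-quoting problem reported above, as an added example that is not part of the thread or of html-purify's code: a hypothetical tokenizer and serializer show how copying a single-quoted value into double quotes changes the attribute set, and how encoding `"` as `&quot;` preserves it.

```javascript
// Added example, not html-purify code; every function name here is hypothetical.

// Minimal tokenizer for the attributes of one start tag. Values are returned raw
// (entities are not decoded), which is all this demonstration needs.
function parseAttrs(tag) {
  const inner = tag.replace(/^<\s*[a-zA-Z][^\s\/>]*/, '').replace(/\/?>\s*$/, '');
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  const attrs = [];
  let m;
  while ((m = re.exec(inner)) !== null) {
    attrs.push({ name: m[1].toLowerCase(), value: m[2] ?? m[3] ?? m[4] ?? '' });
  }
  return attrs;
}

// Re-emit the tag with every value wrapped in double quotes.
function serialize(tagName, attrs, escapeValue) {
  const parts = attrs.map((a) => `${a.name}="${escapeValue(a.value)}"`);
  return `<${tagName} ${parts.join(' ')} />`;
}

// Behaviour described in the issue: the value is copied unchanged.
const copyRaw = (v) => v;
// Hardened: a raw value taken from a single-quoted or unquoted attribute may
// contain a literal ", which must be encoded before it is placed inside "...".
const escapeDoubleQuote = (v) => v.replace(/"/g, '&quot;');

function requote(tag, escapeValue) {
  return serialize('img', parseAttrs(tag), escapeValue);
}

const attrNames = (tag) => parseAttrs(tag).map((a) => a.name);

// Input from the issue: two attributes, src and id.
const input = `<img src="x" id='" onerror="alert(1)' />`;
const weak = requote(input, copyRaw);
const fixed = requote(input, escapeDoubleQuote);

console.log(attrNames(input));
console.log(weak, attrNames(weak));
console.log(fixed, attrNames(fixed));
```

Comparing the attribute names before and after re-serialization is also a usable regression check for a sanitizer: the set must never grow.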

@yukinying
Contributor

cc @maditya

@yukinying
Contributor

Root cause of such should be in https://github.com/yahoo/html-purify/blob/master/src/html-purify.js#L120

@adon-at-work
Contributor Author

@neraliu neraliu added the bug label Aug 10, 2015
@neraliu neraliu added this to the v1.1 milestone Aug 10, 2015
@neraliu neraliu changed the title from "Vulnerability found" to "vulnerability found in auto double quoting feature." Aug 10, 2015
@ramijarrar

Was this released in 1.1?

@maditya
Contributor

maditya commented Feb 18, 2016

We have an open PR for this - #22 and will merge it soon.
