mirror of
https://github.com/laurent22/joplin.git
synced 2024-12-24 10:27:10 +02:00
All: Security: Prevent XSS when passing specially encoded string to a link
This commit is contained in:
parent
2078fa4e40
commit
57b4198d2c
1
packages/app-cli/tests/md_to_html/sanitize_18.html
Normal file
1
packages/app-cli/tests/md_to_html/sanitize_18.html
Normal file
@ -0,0 +1 @@
|
||||
<a data-from-md title='<style>' href='&#x22&#x2c&#x22&#x61&#x22&#x29&#x3b&#x74&#x6f&#x70&#x2e&#x72&#x65&#x71&#x75&#x69&#x72&#x65&#x28&#x27&#x63&#x68&#x69&#x6c&#x64&#x5f&#x70&#x72&#x6f&#x63&#x65&#x73&#x73&#x27&#x29&#x2e&#x65&#x78&#x65&#x63&#x28&#x27&#x6f&#x70&#x65&#x6e&#x20&#x2f&#x53&#x79&#x73&#x74&#x65&#x6d&#x2f&#x41&#x70&#x70&#x6c&#x69&#x63&#x61&#x74&#x69&#x6f&#x6e&#x73&#x2f&#x43&#x61&#x6c&#x63&#x75&#x6c&#x61&#x74&#x6f&#x72&#x2e&#x61&#x70&#x70&#x27&#x29&#x3b&#x2f&#x2f' onclick='postMessage("&#x22&#x2c&#x22&#x61&#x22&#x29&#x3b&#x74&#x6f&#x70&#x2e&#x72&#x65&#x71&#x75&#x69&#x72&#x65&#x28&#x27&#x63&#x68&#x69&#x6c&#x64&#x5f&#x70&#x72&#x6f&#x63&#x65&#x73&#x73&#x27&#x29&#x2e&#x65&#x78&#x65&#x63&#x28&#x27&#x6f&#x70&#x65&#x6e&#x20&#x2f&#x53&#x79&#x73&#x74&#x65&#x6d&#x2f&#x41&#x70&#x70&#x6c&#x69&#x63&#x61&#x74&#x69&#x6f&#x6e&#x73&#x2f&#x43&#x61&#x6c&#x63&#x75&#x6c&#x61&#x74&#x6f&#x72&#x2e&#x61&#x70&#x70&#x27&#x29&#x3b&#x2f&#x2f", { resourceId: "" }); return false;'>xxxxx</a>
|
1
packages/app-cli/tests/md_to_html/sanitize_18.md
Normal file
1
packages/app-cli/tests/md_to_html/sanitize_18.md
Normal file
@ -0,0 +1 @@
|
||||
[xxxxx](","a");top.require('child_process').exec('open /System/Applications/Calculator.app');// '<style>')
|
@ -99,7 +99,7 @@ export default function(href: string, options: Options = null): LinkReplacementR
|
||||
postMessageSyntax: options.postMessageSyntax ?? 'void',
|
||||
}, onClick);
|
||||
} else {
|
||||
js = `onclick='${js}'`;
|
||||
js = `onclick='${htmlentities(js)}'`;
|
||||
}
|
||||
|
||||
if (hrefAttr.indexOf('#') === 0 && href.indexOf('#') === 0) js = ''; // If it's an internal anchor, don't add any JS since the webview is going to handle navigating to the right place
|
||||
|
Loading…
Reference in New Issue
Block a user