Security Fix JVN#86586539: Stored XSS.

Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.
Lauri Ojansivu 2025-10-10 23:14:06 +03:00
parent a0b94065c5
commit ee79cab7b2
9 changed files with 248 additions and 75 deletions


@ -325,6 +325,7 @@ BlazeComponent.extendComponent({
}).register('editor');
import DOMPurify from 'dompurify';
import { sanitizeHTML } from '/client/lib/secureDOMPurify';
// Additional safeAttrValue function to allow for other specific protocols
// See https://github.com/leizongmin/js-xss/issues/52#issuecomment-241354114
@ -371,9 +372,7 @@ Blaze.Template.registerHelper(
let content = Blaze.toHTML(view.templateContentBlock);
const currentBoard = Utils.getCurrentBoard();
if (!currentBoard)
return HTML.Raw(
DOMPurify.sanitize(content, { ALLOW_UNKNOWN_PROTOCOLS: true }),
);
return HTML.Raw(sanitizeHTML(content));
const knowedUsers = _.union(currentBoard.members.map(member => {
const u = ReactiveCache.getUser(member.userId);
if (u) {
@ -417,9 +416,7 @@ Blaze.Template.registerHelper(
content = content.replace(fullMention, Blaze.toHTML(link));
}
return HTML.Raw(
DOMPurify.sanitize(content, { ALLOW_UNKNOWN_PROTOCOLS: true }),
);
return HTML.Raw(sanitizeHTML(content));
}),
);
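Review bot: The new `return HTML.Raw(sanitizeHTML(content));` drops the explicit `ALLOW_UNKNOWN_PROTOCOLS: true` that the removed DOMPurify call carried, but nothing at either call site records which URL schemes the wrapper now accepts or why the relaxation was unsafe, so a maintainer chasing a broken `mailto:`/custom-scheme link could reintroduce the option here. Add a one-line why-comment above each sanitizeHTML call, e.g. `// All rendered HTML goes through the shared allowlist in client/lib/secureDOMPurify; never pass ALLOW_UNKNOWN_PROTOCOLS here (JVN#86586539).`, and back it with a regression test that a `javascript:` href and an inline event-handler attribute are stripped by the helper. If DOMPurify is no longer referenced elsewhere in this file, the `import DOMPurify from 'dompurify';` and the js-xss `safeAttrValue` comment kept as context in the first hunk are now dead and should be removed. Because mention links are spliced in by `content.replace(fullMention, Blaze.toHTML(link))` before sanitizing, confirm that sanitizeHTML's attribute allowlist keeps whatever the mention link template emits, otherwise mentions will silently lose attributes. The registerHelper callback this hunk edits begins before the hunk.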