Closed Labsy-glitch closed 1 year ago
{ "warning_type": "Cross-Site Scripting", "warning_code": 124, "fingerprint": "c2cc471a99036432e03d83e893fe748c2b1d5c40a39e776475faf088717af97d", "check_name": "SanitizeConfigCve", "message": "rails-html-sanitizer 1.4.2 is vulnerable to cross-site scripting when select and style tags are allowed (CVE-2022-32209)", "file": "config/initializers/sanitizers.rb", "line": 1, "link": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s/m/S0fJfnkmBAAJ", "code": "Rails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"a\", \"style\"]", "render_path": null, "location": null, "user_input": null, "confidence": "High", "cwe_id": [ 79 ] }
select
style
I think this can be closed.
gregmolnar
commented
1 year ago gregmolnar
commented
1 year ago
{ "warning_type": "Cross-Site Scripting", "warning_code": 124, "fingerprint": "c2cc471a99036432e03d83e893fe748c2b1d5c40a39e776475faf088717af97d", "check_name": "SanitizeConfigCve", "message": "rails-html-sanitizer 1.4.2 is vulnerable to cross-site scripting when
selectandstyletags are allowed (CVE-2022-32209)", "file": "config/initializers/sanitizers.rb", "line": 1, "link": "https://groups.google.com/g/rubyonrails-security/c/ce9PhUANQ6s/m/S0fJfnkmBAAJ", "code": "Rails::Html::SafeListSanitizer.allowed_tags = [\"select\", \"a\", \"style\"]", "render_path": null, "location": null, "user_input": null, "confidence": "High", "cwe_id": [ 79 ] }