Hi there,
The WebIM sample is vulnerable to XSS, specifically the "Chat history" feature.
Whereas the `uname` parameter is properly handled by the template engine [1], the same is not true when handled and appended to the DOM by the JavaScript [2], [3], [4].
A crafted malicious username like `John <script>alert('Doe')</script>` will display an alert box on every user's chat window as soon as the new user joins the room.
Chat messages suffer from the exact same problem: sending a message like `Hello <script>alert('everyone')</script>` will trigger an alert box on every user's chat window.
Please consider fixing this issue as many developers may build on top of your sample.
Regards, Paulo A. Slva
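
The pattern described in the report above, shown beside two hardened forms. This is an added example, not part of the original report and not the WebIM sample's own code; the event shape (`type`, `user`, `content`), the function names and the markup are assumptions made for illustration.

```javascript
// Added example. Event shape ({type, user, content}) and markup are assumptions,
// not the WebIM sample's own code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Text shown after the user name; for chat messages it carries untrusted content.
function tail(ev) {
  return ev.type === 'join' ? ' joined the chat room' : ': ' + ev.content;
}

// Vulnerable pattern: untrusted fields concatenated straight into markup
// that is later parsed as HTML (innerHTML, jQuery .append(), ...).
function renderEventUnsafe(ev) {
  return '<li><b>' + ev.user + '</b>' + tail(ev) + '</li>';
}

// Hardened string builder: every untrusted field is escaped before use.
function renderEventSafe(ev) {
  return '<li><b>' + escapeHtml(ev.user) + '</b>' + escapeHtml(tail(ev)) + '</li>';
}

// Preferred in the browser: build nodes and assign text, so the HTML parser
// never sees the untrusted values. `doc` is the page's document object.
function appendEvent(doc, list, ev) {
  const li = doc.createElement('li');
  const name = doc.createElement('b');
  name.textContent = ev.user;
  li.appendChild(name);
  li.appendChild(doc.createTextNode(tail(ev)));
  list.appendChild(li);
  return li;
}

// Constructed sample events using the two inputs from the report.
const sampleEvents = [
  { type: 'join', user: "John <script>alert('Doe')</script>" },
  { type: 'message', user: 'alice', content: "Hello <script>alert('everyone')</script>" },
];

function compareRenderings() {
  return sampleEvents.map((ev) => ({ unsafe: renderEventUnsafe(ev), safe: renderEventSafe(ev) }));
}

if (typeof require !== 'undefined' && require.main === module) console.log(compareRenderings());
```

The same rule applies to history replayed from the server: escape or use text nodes at the point where the value enters the DOM, regardless of what the template engine did on first render.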