I have the following scenario which is somewhat related to this, but I haven't been able to fix it using the suggested solution: my application has an input field, it cleans it using the Purifier and then dumps the response.
When I receive the following input:
<img src=x onerror=alert(1)>
and I purify it, it becomes:
<img src=x>
Nevertheless, when I receive the following input:
<img src=x onerror=alert(document.cookie)>
and I purify it, it becomes:
<img src=x onerror=alert(document.cookie)>
I assume this is not expected behaviour, as the alert(document.cookie) is not sanitized. This is leading to XSSs in several parts of the application. What is the recommended way to clean this?
Thanks!
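An added example, not part of the original post and not the Purifier's own code: a minimal allowlist sanitizer in Python, run over the two inputs quoted above. It decides on the attribute name alone, so both inputs reduce to the same output whatever JavaScript the handler holds. The policy table and every name in it (ALLOWED, VOID, AllowlistSanitizer, sanitize) are assumptions made for this sketch.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch: tag -> attributes that may be kept.
ALLOWED = {"img": {"src", "alt"}, "b": set(), "i": set(), "p": set()}
VOID = {"img"}  # tags that never get a closing tag


def _safe_url(value):
    """Accept relative URLs and http(s); reject javascript:, data: and the like."""
    v = (value or "").strip().lower()
    return ":" not in v.split("/")[0] or v.startswith(("http://", "https://"))


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown tag is dropped; its text still goes through handle_data
        kept = []
        for name, value in attrs:
            # The attribute NAME decides: every on* handler is removed,
            # regardless of what its value contains.
            if name not in ALLOWED[tag]:
                continue
            if name == "src" and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is re-escaped


def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


# The two inputs quoted in the post above.
PAGE_INPUTS = ["<img src=x onerror=alert(1)>",
               "<img src=x onerror=alert(document.cookie)>"]
```

Keeping both inputs as a regression test against whatever sanitizer the application actually calls shows whether the string being printed is the purified one.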