miromannino / Justified-Gallery

Javascript library to help creating high quality justified galleries of images. Used by thousands of websites as well as the photography community 500px.
http://miromannino.github.io/Justified-Gallery/
MIT License

[Security] Prevent XSS attack in captions #378

Open MrPetovan opened 1 year ago

MrPetovan commented 1 year ago

We're using Justified Gallery over at Friendica and we have had a security vulnerability related to this Javascript library reported to us. Image captions, even correctly escaped in the source page HTML, end up being interpreted as literal HTML in the Justified Gallery output.

This is because jQuery `$('<div>' + caption + '</div>')` treats `caption` as literal HTML. However, this value comes from HTML attributes that shouldn't contain literal HTML themselves.

The fix is simple and ensures jQuery uses the `.createTextNode()` DOM method internally, which escapes literal HTML in the output HTML tag.

I have checked for any other place the replaced structure would make sense.
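The pipeline the comment describes, as an added example that is not code from the Justified Gallery project, from jQuery, or from the issue author: the browser decodes the `data-*` attribute (undoing the page author's escaping), then the caption is either spliced into an HTML string, which jQuery parses as markup, or inserted as a text node, whose serialised form can never contain a tag. It runs under Node with no DOM, so the entity subset, the `class="caption"` wrapper, the sample caption and the `$('<div>').text(caption)` equivalent named in the comments are assumptions for illustration.

```javascript
// Added example (not Justified Gallery or jQuery code): a Node-runnable model of
// why an HTML-escaped caption attribute still becomes live markup when the
// caption is spliced into an HTML string, and why building a text node instead
// neutralises it.

// Subset of character references an HTML parser decodes in attribute values
// (assumption: only these named ones plus numeric forms are needed here).
const NAMED_REFS = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };

// Step 1: what the browser hands to JavaScript when it reads data-caption="...".
// The page author's escaping is undone here by design; that is how attributes work.
function decodeAttribute(attrValue) {
  return attrValue.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));/gi, (match, hex, dec, name) => {
    if (hex) return String.fromCodePoint(parseInt(hex, 16));
    if (dec) return String.fromCodePoint(parseInt(dec, 10));
    const ch = NAMED_REFS[name.toLowerCase()];
    return ch === undefined ? match : ch; // unknown reference: left untouched
  });
}

// Step 2a (the vulnerable pattern from the report): $('<div>' + caption + '</div>').
// jQuery parses the whole string as HTML, so any tag inside caption becomes a real
// element. The string returned here is exactly what jQuery would be asked to parse.
function renderCaptionUnsafe(caption) {
  return '<div class="caption">' + caption + '</div>';
}

// What a DOM text node's content looks like once serialised back to markup:
// the parser-significant characters are escaped, so no tag can be formed.
function escapeText(text) {
  return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Step 2b (the hardened pattern): create the element, then insert the caption as a
// text node, e.g. $('<div>').text(caption) or
// div.appendChild(document.createTextNode(caption)) (assumed equivalents; the issue
// only says the fix makes jQuery use createTextNode internally). Serialised, that
// DOM is the markup returned here.
function renderCaptionSafe(caption) {
  return '<div class="caption">' + escapeText(caption) + '</div>';
}

// Crude stand-in for "would the HTML parser create an element of this name?"
function containsElement(markup, tagName) {
  return new RegExp('<' + tagName + '\\b', 'i').test(markup);
}

// Constructed sample: a caption the page author correctly escaped in the source HTML.
const SOURCE_ATTRIBUTE = 'Sunset &lt;img src=x onerror=alert(1)&gt; over the bay';

function demonstrate() {
  const caption = decodeAttribute(SOURCE_ATTRIBUTE); // the raw <img ...> is back
  return {
    caption,
    unsafe: renderCaptionUnsafe(caption),
    safe: renderCaptionSafe(caption),
    unsafeHasImg: containsElement(renderCaptionUnsafe(caption), 'img'),
    safeHasImg: containsElement(renderCaptionSafe(caption), 'img'),
  };
}

console.log(JSON.stringify(demonstrate(), null, 2));
```

The point the round trip makes: escaping in the page source is correct and necessary, but it protects only the first parse. Any code that later turns the decoded attribute value back into an HTML string needs its own text-node (or equivalent escaping) step, which is what the reported fix adds.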