Sanitize the URL to fix XSS vulnerability

pramit-marattha / Fullstack-projects-frontend-with-react-and-backend-with-various-stacks

* W.I.P *🛠 Full-on full stack front end and a bit of back end web development challenge. Challenging every day to learn new stuffs about react & its in-depth features and also to explore the taste of various stacks.

MIT License

187 stars 42 forks source link

Fix for Cross-Site Scripting (XSS) Vulnerability

I've identified a Cross-Site Scripting (XSS) vulnerability in bookmark-manager-react-web-app-project.

Vulnerability Details:

Severity: High/Critical
Description: There's a risk of malicious script execution when the href of the element is controlled by an adversary.

Steps to Reproduce:

open https://book-mark-react.netlify.app/
Input javascript:alert(1) in the Url Link Input
use cmd/ctrl + click combination to click the bookmark Then the malicious code alert(1) will be executed.

Suggested Fix or Mitigation: Sanitize the href attribute value before passing it to an tag.

I've already fixed and tested this issue, and have submitted a pull request with the necessary changes. Please review and merge my pull request at your earliest convenience to resolve this vulnerability. Thanks!

Name	Status	Preview	Comments	Updated (UTC)
budget-manager	❌ Failed (Inspect)			Dec 4, 2023 10:34pm
tetris	❌ Failed (Inspect)			Dec 4, 2023 10:34pm

Name

Status

Preview

Comments

Updated (UTC)

budget-manager

❌ Failed (Inspect)

Dec 4, 2023 10:34pm

tetris

❌ Failed (Inspect)

Dec 4, 2023 10:34pm

pramit-marattha / Fullstack-projects-frontend-with-react-and-backend-with-various-stacks

Sanitize the URL to fix XSS vulnerability #269

Fix for Cross-Site Scripting (XSS) Vulnerability