Open teeohhem opened 4 years ago
This lib is vulnerable to XSS attacks if html/javascript is entered as a search term. The lib has many instances of innerHTML replacements where textContent should be used.
innerHTML
textContent
Steps to reproduce: 1) Enter into the search box 2) Notice the javascript is executed because it's inserted into the DOM as html</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/teeohhem"><img src="https://avatars.githubusercontent.com/u/3245235?v=4" />teeohhem</a> commented <strong> 4 years ago</strong> </div> <div class="markdown-body"> <p><a href="https://github.com/redking/chosen-dojo/pull/6">https://github.com/redking/chosen-dojo/pull/6</a></p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>
This lib is vulnerable to XSS attacks if html/javascript is entered as a search term. The lib has many instances of
innerHTMLreplacements wheretextContentshould be used.Steps to reproduce: 1) Enter