sibiraj-s / ngx-editor

🖋️ Rich Text Editor for angular using ProseMirror
https://sibiraj-s.github.io/ngx-editor/
MIT License

[Bug]: XSS Vulnerability #459

Closed orb77 closed 1 year ago

orb77 commented 1 year ago

What happened?

If you provide the editor with an img tag that contains an onerror attribute, it executes JavaScript when the src attribute is invalid. Sample img input: <img src="notfound" onerror="alert('Vulnerable!')" />

Version

15.3.0

Angular Version

15.1.0

What browsers are you seeing the problem on?

Chrome

Link to reproduce

stackblitz

Relevant log output

No response

Willing to submit a PR?

None

sibiraj-s commented 1 year ago

Hi, Sorry for the delay in response.

The editor itself neither allows pasting JavaScript directly to be executed nor sanitizes the input; it is the responsibility of the developer to sanitize the input before providing it to the editor.

Or maybe you could write a plugin to sanitize HTML before the editor renders it. I am sure that there should be a ProseMirror handle to preprocess HTML before it is inserted.

Let me know if you have more questions.
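One way to do what the maintainer describes (sanitize on the application side before the string ever reaches the editor), as an added example that is not code from ngx-editor or from either participant in the thread: an allowlist sanitizer that keeps only known tags and attributes, so event-handler attributes such as onerror and script-bearing URLs never reach the editor's HTML parser. The tag and attribute allowlists, the accepted URL schemes and the sample inputs are assumptions made for this example.

```javascript
// Added example, not part of ngx-editor: allowlist HTML sanitizer for editor input.
// Allowlists below are assumptions for the example; adjust to the schema you use.
const ALLOWED_TAGS = new Set([
  'p', 'br', 'b', 'strong', 'i', 'em', 'u', 's', 'a', 'img',
  'ul', 'ol', 'li', 'blockquote', 'code', 'pre', 'h1', 'h2', 'h3',
]);
const ALLOWED_ATTRS = {
  a: new Set(['href', 'title']),
  img: new Set(['src', 'alt', 'title', 'width', 'height']),
};
const URL_ATTRS = new Set(['href', 'src']);
// Elements whose text content must go too, not just the tags around it.
const DROP_WITH_CONTENT = new Set(['script', 'style', 'iframe', 'object', 'embed']);

const TAG_RE = /^<(\/?)([a-zA-Z][a-zA-Z0-9-]*)((?:"[^"]*"|'[^']*'|[^"'>])*)>/;
const ATTR_RE = /([^\s"'>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Decode numeric and a few named entities so an obfuscated scheme such as
// "java&#115;cript&colon;" is recognised before the URL check below.
function decodeEntities(value) {
  const named = { amp: '&', lt: '<', gt: '>', quot: '"', colon: ':', Tab: '\t', NewLine: '\n' };
  return value.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] === '#') {
      const code = body[1].toLowerCase() === 'x' ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isFinite(code) && code <= 0x10ffff ? String.fromCodePoint(code) : match;
    }
    return Object.prototype.hasOwnProperty.call(named, body) ? named[body] : match;
  });
}

// Relative URLs and http(s)/mailto are kept; javascript:, data:, vbscript: and
// anything else with an unexpected scheme are rejected. Control characters and
// whitespace are stripped first because browsers ignore them inside the scheme.
function isSafeUrl(raw) {
  const cleaned = decodeEntities(raw).replace(/[\u0000-\u0020]/g, '').toLowerCase();
  const scheme = cleaned.match(/^([a-z][a-z0-9+.\-]*):/);
  return scheme === null || ['http', 'https', 'mailto'].includes(scheme[1]);
}

// Keep only allowlisted attributes; every on* handler is dropped because it is
// simply not on the list, so no denylist of event names has to be maintained.
function serializeAttrs(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return '';
  let out = '';
  for (const a of rawAttrs.matchAll(ATTR_RE)) {
    const name = a[1].toLowerCase();
    const value = a[2] ?? a[3] ?? a[4] ?? '';
    if (!allowed.has(name)) continue;
    if (URL_ATTRS.has(name) && !isSafeUrl(value)) continue;
    out += ' ' + name + '="' + value.replace(/"/g, '&quot;') + '"';
  }
  return out;
}

// Walk the markup tag by tag: comments are removed, dangerous elements are
// removed with their content, unknown tags are removed but their text is kept,
// and a stray '<' that does not form a tag is escaped.
function sanitizeHtml(html) {
  let out = '';
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf('<', i);
    if (lt === -1) { out += html.slice(i); break; }
    out += html.slice(i, lt);
    if (html.startsWith('<!--', lt)) {
      const end = html.indexOf('-->', lt + 4);
      i = end === -1 ? html.length : end + 3;
      continue;
    }
    const m = TAG_RE.exec(html.slice(lt));
    if (!m) { out += '&lt;'; i = lt + 1; continue; }
    const [whole, slash, rawName, rawAttrs] = m;
    const name = rawName.toLowerCase();
    i = lt + whole.length;
    if (DROP_WITH_CONTENT.has(name)) {
      if (slash) continue;
      const close = html.toLowerCase().indexOf('</' + name, i);
      if (close === -1) { i = html.length; continue; }
      const gt = html.indexOf('>', close);
      i = gt === -1 ? html.length : gt + 1;
      continue;
    }
    if (!ALLOWED_TAGS.has(name)) continue;
    if (slash) { out += '</' + name + '>'; continue; }
    out += '<' + name + serializeAttrs(name, rawAttrs) + '>';
  }
  return out;
}

// Constructed sample: the payload from the report, run through the filter
// before it would be handed to the editor.
const cleaned = sanitizeHtml('<img src="notfound" onerror="alert(\'Vulnerable!\')" />');
```

For a production Angular app a maintained sanitizer is the better choice, for example DOMPurify (`DOMPurify.sanitize(html)`) or Angular's own `DomSanitizer.sanitize(SecurityContext.HTML, html)`; the block above exists to show the allowlist principle that such libraries apply, including the URL-scheme check that a plain "strip on* attributes" filter would miss. Whatever is used, it has to run on every path that feeds HTML into the editor, not only on paste: ProseMirror's `transformPastedHTML` editor prop covers pasted content, but content loaded from a database or an API still has to be sanitized before it is bound to the editor.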

github-actions[bot] commented 1 year ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in the thread.