mdDataTable

XSS vulnerability

Open soryy708 opened this issue 7 years ago • 0 comments

If you give the mdt-table directive an mdt-row with data, it will gladly turn whatever's in data into HTML and run scripts. Workaround: In TableDataStorageService.prototype.addRowData, iterate rowArray and sanitize.

for (var i = 0; i < rowArray.length; i++) {
	var value = rowArray[i].value;
	// only string cells are touched; numbers, booleans and null pass through
	if (value && (typeof value === 'string' || value.constructor === String)) {
		rowArray[i].value = value
			// remove <script> and <style> blocks together with their contents
			// ([\s\S] so a block spanning several lines is matched as well);
			// these must run before the generic tag strip below, otherwise the
			// wrapper tags are gone and the block contents are left behind
			.replace(/<script[^>]*?>[\s\S]*?<\/script>/gi, '')
			.replace(/<style[^>]*?>[\s\S]*?<\/style>/gi, '')
			// remove HTML comments
			.replace(/<![\s\S]*?--[ \t\n\r]*>/gi, '')
			// remove any remaining opening/closing tag or <!...> declaration
			.replace(/<[\/\!]*?[^<>]*?>/gi, '');
	}
}

soryy708 avatar Nov 09 '18 12:11 soryy708
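The following is an added example, not code from the mdDataTable project or from the issue author. It shows the other common way to neutralize the problem the issue describes: instead of stripping tags with a blocklist of regexes, escape the characters that let a cell value be parsed as markup, so the text the user entered stays visible but the browser never treats it as HTML. The cell shape `{ value: ... }` follows the `rowArray[i].value` access in the workaround above; the function names, the constructed sample row and the `rowHasRawMarkup` check are assumptions made for this example and could be dropped into a wrapper around `addRowData`.

```javascript
// Added example, not part of mdDataTable or the issue's own workaround.
// Cell shape {value: ...} is taken from the rowArray[i].value access in the
// issue; everything else here is constructed for illustration.

// Escape the five characters that allow a string to be interpreted as HTML.
// Unlike tag stripping, this keeps the original text intact for the reader
// while guaranteeing the browser renders it as text, never as markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Return a sanitized copy of a row: every string cell value (primitive or
// String object) is escaped; numbers, booleans and null pass through. The
// input row is not mutated, so the raw data can still be kept elsewhere.
function sanitizeRowArray(rowArray) {
  return rowArray.map(function (cell) {
    if (cell && (typeof cell.value === 'string' || cell.value instanceof String)) {
      return Object.assign({}, cell, { value: escapeHtml(cell.value) });
    }
    return cell;
  });
}

// Defensive check for a unit test or an addRowData wrapper: true if any
// string cell still contains a character that could open or close a tag.
function rowHasRawMarkup(rowArray) {
  return rowArray.some(function (cell) {
    return cell && typeof cell.value === 'string' && /[<>]/.test(cell.value);
  });
}

// Constructed sample row: one cell carries markup a user could have typed
// into a form field that later ends up in mdt-row's data.
var untrustedRow = [
  { value: '<script>alert(1)</script>Alice' },
  { value: '<b>bold</b>' },
  { value: 42 },
  { value: null }
];

var safeRow = sanitizeRowArray(untrustedRow);
// rowHasRawMarkup(untrustedRow) is true; rowHasRawMarkup(safeRow) is false
```

Escaping is preferable to regex stripping when the cell may legitimately contain `<` or `>` (comparisons, generics, user-typed text), because nothing is silently deleted from the data. Either approach only needs to be applied once, at the point where row data enters the table storage.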