
Unsafe use of innerHTML and inadequate HTML sanitization

Open geeknik opened this issue 8 months ago • 0 comments

Security Incident Report

Executive Summary

This report outlines multiple security vulnerabilities found in the Primal Web App repository. The issues are primarily related to Cross-Site Scripting (XSS) vulnerabilities due to the unsafe use of innerHTML and inadequate HTML sanitization.


Detailed Findings

  1. HIGH: Dangerous dynamic HTML insert detected. [CWE-79]

    • File: primal-web-app/src/components/Toaster/Toaster.tsx
    • Line: 21
    • Code: toaster.innerHTML = message;
    • Recommendation: Assign the message as plain text with textContent, or render it through React's JSX, which escapes HTML automatically.
    // Replace
    toaster.innerHTML = message;
    // With
    toaster.textContent = message;
    
  2. HIGH: Dangerous dynamic HTML insert detected. [CWE-79]

    • File: primal-web-app/src/pages/EditProfile.tsx
    • Line: 72
    • Code: banner.innerHTML = `<div class="${styles.bannerPlaceholder}"></div>`;
    • Recommendation: Use React's JSX to create the banner.
    // Replace
    banner.innerHTML = `<div class="${styles.bannerPlaceholder}"></div>`;
    // With
    const bannerElement = <div className={styles.bannerPlaceholder}></div>;
    
  3. HIGH: Dangerous dynamic HTML insert detected. [CWE-79]

    • File: primal-web-app/src/pages/Profile.tsx
    • Line: 144
    • Code: banner.innerHTML = `<div class="${styles.bannerPlaceholder}"></div>`;
    • Recommendation: Similar to the above, use React's JSX.
    // Replace
    banner.innerHTML = `<div class="${styles.bannerPlaceholder}"></div>`;
    // With
    const bannerElement = <div className={styles.bannerPlaceholder}></div>;
    
  4. MEDIUM: Manual HTML sanitization detected. [CWE-79]

    • File: primal-web-app/src/lib/notes.tsx
    • Line: 25
    • Code: return html.replaceAll('<', '&lt;').replaceAll('>', '&gt;');
    • Recommendation: Use a well-tested library for HTML sanitization like DOMPurify.
    import DOMPurify from "dompurify";
    // Replace
    return html.replaceAll('<', '&lt;').replaceAll('>', '&gt;');
    // With
    return DOMPurify.sanitize(html);
    

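The helper in finding 4 only rewrites `<` and `>`, so it is a partial escaper rather than a sanitizer. The added example below (not code from the primal-web-app repository) puts that two-character version next to a complete escaper covering text and quoted-attribute contexts, and reports which meaningful characters each one leaves untouched. Note that DOMPurify.sanitize keeps allowlisted markup instead of escaping it, so swapping it in changes the function's contract from "render as literal text" to "render a safe subset of HTML"; callers that expect literal text still need an escaper.

```javascript
// Added example, not part of the primal-web-app code base.
// Compares the issue's two-character escaping with a complete HTML escaper.

// The helper as quoted in finding 4: only '<' and '>' are rewritten.
function manualEscape(html) {
  return html.replaceAll('<', '&lt;').replaceAll('>', '&gt;');
}

// The five characters that can change meaning in HTML text or in a
// double- or single-quoted attribute value, with their entity forms.
const ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Complete escaper: every meaningful character becomes an entity, so the
// result can be placed in element text or inside a quoted attribute.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Reports which meaningful characters an escaper passes through unchanged.
// Useful as a quick review check when auditing a hand-written helper.
function unescapedChars(escaper) {
  return Object.keys(ESCAPES).filter((ch) => escaper(ch) === ch);
}

// Constructed sample input: a user-controlled display name containing an
// ampersand, quotes and markup, none of which should render as HTML.
const SAMPLE_NAME = 'Tom & "Jerry" <b>bold</b>';

// Stand-alone demonstration of the gap between the two helpers.
function demo() {
  return {
    manual: manualEscape(SAMPLE_NAME),          // '&' and '"' survive
    complete: escapeHtml(SAMPLE_NAME),          // everything is neutralised
    manualGaps: unescapedChars(manualEscape),   // ['&', '"', "'"]
    completeGaps: unescapedChars(escapeHtml),   // []
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```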
Conclusion

The identified vulnerabilities should be addressed immediately to prevent potential security incidents. Adopting best practices for HTML sanitization and secure coding can mitigate these risks. 🤙🏻

geeknik · Oct 20 '23 15:10