
Fix header url param to not render html to resolve XSS

Open · elongstreet88 opened this pull request 1 year ago · 1 comment

Fixes https://github.com/billchurch/webssh2/issues/345

Reproduction URL: http://localhost:2222/ssh/host/mydevice.local?header=<img src=x onerror=alert('XSS')>

Before: [screenshot]

After: [screenshot]

Note: This could be breaking if someone is using the header for HTML rendering; however, I would say this is still justified.

elongstreet88 · Oct 26 '23 04:10
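To make the bug class concrete, here is an added example (not webssh2's code, and not from the PR author) that walks the same payload shape through a query-string parameter: the `header` value is first concatenated into markup, which is how the injected `<img onerror>` becomes a live element, and then rendered as escaped text, which is the behaviour the fix describes. The function names, the wrapper markup and the sample URL are illustrative assumptions, not identifiers from the project.

```javascript
// Added example, not webssh2's code. Demonstrates why a URL query parameter
// rendered as HTML is an XSS sink and what rendering it as text changes.
// All identifiers below are illustrative assumptions.

// Constructed sample request in the shape given in the PR description.
const SAMPLE_URL =
  "http://localhost:2222/ssh/host/mydevice.local?header=<img src=x onerror=alert('XSS')>";

// Read the `header` parameter the way a browser would decode it.
// The WHATWG parser percent-encodes the raw characters on the way in and
// searchParams.get() decodes them on the way out, so the original payload
// text is what reaches the application.
function readHeaderParam(urlString) {
  const url = new URL(urlString);
  return url.searchParams.get('header') || '';
}

// Escape the five characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the parameter is spliced into markup unchanged, so any
// tag inside it is parsed as an element. In a browser this is the
// element.innerHTML = header shape.
function renderHeaderUnsafe(header) {
  return `<div class="header">${header}</div>`;
}

// Hardened pattern: the parameter is emitted as text only. In a browser the
// equivalent is element.textContent = header; server-side, escape before
// concatenating into markup as done here.
function renderHeaderSafe(header) {
  return `<div class="header">${escapeHtml(header)}</div>`;
}

// Check: after removing the wrapper we wrote ourselves, does any tag remain?
// True means the attacker-controlled value produced a parsed element.
function containsInjectedTag(markup) {
  const inner = markup
    .replace(/^<div class="header">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-zA-Z!/]/.test(inner);
}

// Convenience for running the whole comparison on one URL.
function compareRenderings(urlString) {
  const header = readHeaderParam(urlString);
  return {
    header,
    unsafe: renderHeaderUnsafe(header),
    unsafeInjects: containsInjectedTag(renderHeaderUnsafe(header)),
    safe: renderHeaderSafe(header),
    safeInjects: containsInjectedTag(renderHeaderSafe(header)),
  };
}

// Example run (output not captured by any test harness):
console.log(compareRenderings(SAMPLE_URL));
```

Escaping on output is the right layer for this fix: a header that legitimately contains `<` or `&` still displays correctly, only its interpretation as markup is removed, which is exactly the compatibility trade-off the PR note acknowledges.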

Kudos, SonarCloud Quality Gate passed!

Bugs: A (0 Bugs)
Vulnerabilities: A (0 Vulnerabilities)
Security Hotspots: A (0 Security Hotspots)
Code Smells: A (0 Code Smells)

No Coverage information
No Duplication information

sonarqubecloud[bot] · Oct 26 '23 04:10