SimpleChat
No input sanitisation
Hey Donald,
As part of a University-led project I am looking for an open source project with a security issue. The project entails that once a security issue has been found, we develop a patch and inform the developer(s).
We have found that within your chat application there is no sanitisation performed on the user's input before it is emitted for other users to view. This vulnerability can be exploited in a variety of ways, such as leveraging the injection of HTML, CSS and JavaScript into other clients’ browsers to perform XSS.
The solution is very simple - you simply need to sanitise the user's input before emitting it back into the system for others to view.
We want to add the following sanitise function into the top of the chat.js file (or somewhere more suitable if you prefer):
function sanitise(str) {
  // Escape the HTML-significant characters so the text renders as text, not as markup
  return String(str).replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}
Once this has been added, we want to edit the sendButton.onclick function to include this sanitisation. Simply wrap field.value and name.value with the sanitise function when emitting.
socket.emit('send', { message: sanitise(field.value), username: sanitise(name.value) });
That should then resolve the issue.
I have attached an amended chat.js for your convenience.
Thanks!
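The escaping approach proposed above, as an added example that is not part of SimpleChat or the issue author's attached chat.js. It escapes all five HTML-significant characters (the proposed function covers three), replaces them in a single pass so that the ampersand produced by one entity is never re-escaped, and shows the same escaping applied where a server receives the 'send' event. The server wiring and the `sanitiseSendPayload` name are assumptions; the socket.io server shape is taken from the client-side `socket.emit('send', {...})` the issue describes. The sample message is constructed for the test.

```javascript
// Added example: HTML-escaping for chat payloads. Not SimpleChat's own code.

// Every character that can open markup or close an attribute value.
// '&' is in the set so that a user typing "&lt;" cannot smuggle an entity through.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Single-pass replacement: each character is looked up once, so the output of one
// replacement is never fed back into another (chained .replace calls that handle
// '&' last would turn an already-escaped "&lt;" into "&amp;lt;" at the wrong step).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Server-side equivalent of the client change proposed in the issue (assumed shape).
// Escaping at the server covers clients that skip chat.js and emit raw payloads
// straight to the socket, which client-side escaping alone cannot prevent.
function sanitiseSendPayload(payload) {
  const p = payload !== null && typeof payload === 'object' ? payload : {};
  return {
    message: escapeHtml(p.message === undefined ? '' : p.message),
    username: escapeHtml(p.username === undefined ? '' : p.username),
  };
}

// Hypothetical wiring into a socket.io server (`io` is a Server instance):
// io.on('connection', (socket) => {
//   socket.on('send', (data) => io.emit('message', sanitiseSendPayload(data)));
// });

// Constructed sample input that exercises every escaped character.
const SAMPLE_PAYLOAD = {
  message: '<b onmouseover="x">hi</b> & \'quotes\'',
  username: '<script>',
};

function demo() {
  return sanitiseSendPayload(SAMPLE_PAYLOAD);
}
```

Escaping makes the stored text safe to insert with `innerHTML`; a client that instead writes messages with `textContent` does not need the entities at all, and double-escaping would then show `&lt;` literally, so pick one layer to escape at and render consistently.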
Cheers, I haven't looked into this project for so long now, and the purpose of it wasn't to support a robust and secure chat service. I think its main purpose was to fit a small tutorial about socket.io and its awesomeness. But thanks! Would you like to create a pull request?