lit-redux-router icon indicating copy to clipboard operation
lit-redux-router copied to clipboard

Published 20 hours ago verified publisher icon fernandopasik

XSS vulnerability when using path params

Open giejay opened this issue 3 months ago • 0 comments

Bug Report

A path setup like this:

<lit-route path="/agents/:agentIdRoute" component="agent-configuration"></lit-route>

Can, or will cause a XSS vulnerability when the user enters this url:

http://localhost/agents/1"><img%20src%20onerror=alert(%27hi%27)>

That's because unsafeHTML is used over here: https://github.com/fernandopasik/lit-redux-router/blob/main/src/lib/route.ts#L148

Expected behavior

No XSS attack possible

Current behavior

An alert is shown in the browser.

Steps to reproduce

  1. Add a path param to a lit-route
  2. add "><img%20src%20onerror=alert(%27hi%27)> to the url
  3. See the alert

Possible solution

Not sure if we can fully prevent unsafeHTML being used here, so maybe clean all the params?

giejay avatar Apr 10 '24 06:04 giejay