lit-redux-router
lit-redux-router copied to clipboard
XSS vulnerability when using path params
Bug Report
A path setup like this:
<lit-route path="/agents/:agentIdRoute" component="agent-configuration"></lit-route>
Can, or will cause a XSS vulnerability when the user enters this url:
http://localhost/agents/1"><img%20src%20onerror=alert(%27hi%27)>
That's because unsafeHTML is used over here: https://github.com/fernandopasik/lit-redux-router/blob/main/src/lib/route.ts#L148
Expected behavior
No XSS attack possible
Current behavior
An alert is shown in the browser.
Steps to reproduce
- Add a path param to a lit-route
- add
"><img%20src%20onerror=alert(%27hi%27)>
to the url - See the alert
Possible solution
Not sure if we can fully prevent unsafeHTML being used here, so maybe clean all the params?