flat-ui icon indicating copy to clipboard operation
flat-ui copied to clipboard

Published 20 hours ago verified publisher icon githubocto

CSS Injection Vulnerability

Open makuga01 opened this issue 2 years ago • 1 comments

When using the DOMPurify library to sanitize HTML from malicious code here, the library doesn't sanitize CSS style tags. These can be used to change the website's appearance and possibly to pull off clickjacking attacks. - https://portswigger.net/web-security/clickjacking

PoC: https://flatgithub.com/makuga01/csv-test?filename=css.csv&sha=9cfecff99206e7a11716d14b48a2edb9c16ce0c1

I suggest adding using a DOMPurify config like this one:

const dompurifyConfig = {
  FORBID_TAGS: ['style', 'form'],
}
const sanitized = DOMPurify.sanitize(displayValue, dompurifyConfig);

I also added HTML forms to the forbidden tags as they can be used for creating a fake login screen

makuga01 avatar Dec 16 '22 12:12 makuga01

PR here: https://github.com/githubocto/flat-ui/pull/34

makuga01 avatar Jan 02 '23 15:01 makuga01