
RichText: Pen test failure Paste as plain text vs paste

Open aaralikar opened this issue 2 years ago • 2 comments

Describe the bug

Paste in the rich text editor works as expected when malicious input such as "><img src=x onerror=alert(1)>" is pasted. Paste as plain text fails: it executes the onerror script.

To Reproduce

Use the demo for rich text editor, ids-enterprise-ng-demo/editor

Steps to reproduce the behavior:

  1. Go to editor demo
  2. Right click and paste as plain text the attack vector "><img src=x onerror=alert(1)>"

Expected behavior

Both paste and paste as plain text should clean the HTML.

Version

ids-enterprise v4.67.2

Platform

  • Infor Application/Team Name: Landmark
  • OS Version: Windows 10
  • Browser Name: chrome
  • Browser Version: 106.0.5249.91

Additional context

Penetration test failure reported - https://jira.infor.com/browse/LMWEB-2316

aaralikar avatar Oct 13 '22 17:10 aaralikar
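To make the reported difference concrete, here is an added example (not code from the issue or from ids-enterprise) contrasting the two ways clipboard text can reach an editor. The function names, the escaper and the contenteditable paste handler are assumptions for illustration, modelled on the behaviour described above rather than on the project's implementation.

```javascript
// Added illustration (not ids-enterprise code): "paste as plain text" is only
// safe when the text is inserted as text, never as markup.

// Constructed sample input: the payload quoted in the issue.
const PAYLOAD = '"><img src=x onerror=alert(1)>';

// Minimal HTML escaper for the characters that matter in text and attribute
// contexts.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (hypothetical, modelled on the reported behaviour): the
// text taken from the clipboard is written into the editor as HTML, so the
// browser parses <img ...> and fires its onerror handler.
function pastePlainTextAsMarkup(clipboardText) {
  return clipboardText; // would end up in editor.innerHTML
}

// Hardened pattern: the text is escaped before it can reach an HTML sink.
function pastePlainTextEscaped(clipboardText) {
  return escapeHtml(clipboardText);
}

// Does the string still contain something the HTML parser would treat as a
// start tag? Used by the demo below.
function containsStartTag(html) {
  return /<[a-z]/i.test(html);
}

// Browser wiring (assumed, not the project's): intercept paste on a
// contenteditable element and insert the clipboard text as a DOM text node,
// so it is never parsed as markup whatever it contains.
function attachPlainTextPasteHandler(editorEl) {
  editorEl.addEventListener('paste', (ev) => {
    ev.preventDefault();
    const text = ev.clipboardData.getData('text/plain');
    const doc = editorEl.ownerDocument;
    const sel = doc.getSelection();
    if (!sel.rangeCount) return;
    sel.deleteFromDocument();            // replace any selected content
    const range = sel.getRangeAt(0);
    const node = doc.createTextNode(text); // text node: no parsing, no onerror
    range.insertNode(node);
    range.setStartAfter(node);             // move the caret past the paste
    range.collapse(true);
    sel.removeAllRanges();
    sel.addRange(range);
  });
}

console.log('as markup:', pastePlainTextAsMarkup(PAYLOAD),
  '-> start tag present:', containsStartTag(pastePlainTextAsMarkup(PAYLOAD)));
console.log('escaped  :', pastePlainTextEscaped(PAYLOAD),
  '-> start tag present:', containsStartTag(pastePlainTextEscaped(PAYLOAD)));
```

The escaped output still shows the payload verbatim to the user, which is what "paste as plain text" is supposed to do; the only change is that the browser no longer sees a tag. The text-node handler is the preferred form in a real editor because it avoids any HTML sink at all.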

Paste as plain text (screenshot: RichtextPasteAsPlainText)

aaralikar avatar Oct 13 '22 17:10 aaralikar

Paste (screenshot: RichtextPaste)

aaralikar avatar Oct 13 '22 17:10 aaralikar

QA tested and passed.

http://localhost:4000/components/editor/test-paste-as-plain-text.html

https://user-images.githubusercontent.com/102151352/201897012-4ad0c5fc-fc9b-4454-83d1-5217b6741f30.mov

http://localhost:4000/components/editor/example-index.html

https://user-images.githubusercontent.com/102151352/201897104-966b19e1-7c47-4f65-af80-372fc4dc6033.mov

glenlieorillo avatar Nov 15 '22 10:11 glenlieorillo