Sanitize docs content to prevent XSS
Fix for Cross-Site Scripting (XSS) Vulnerability
Hi, I've found a Cross-Site Scripting (XSS) vulnerability in the package @icedesign/richtext-renderer.
Vulnerability Details:
- Severity: High/Critical
- Description: There's a risk that malicious content is passed to docs
POC (Proof of Concept):
```jsx
import React from "react";
import { Documentation } from "@blueprintjs/docs-theme";

const App = () => {
  return (
    <Documentation
      docs={{
        nav: [],
        pages: {
          test: {
            reference: "foo",
            route: "foo",
            sourcePath: "foo",
            title: "foo",
            // Page HTML is injected as-is via dangerouslySetInnerHTML,
            // so the onerror handler fires when the page is rendered.
            contents: ["<img src='' onerror=alert(1)>"],
          },
        },
        docs: {
          pages: [],
        },
      }}
      defaultPageId="foo"
    />
  );
};

export default App;
```
Changes proposed in this pull request:
Sanitize the HTML before rendering it using dangerouslySetInnerHTML
I've already fixed this issue, and have submitted a pull request with the necessary changes. Please review and merge my pull request to resolve this vulnerability. Thanks!
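As an added illustration of the fix the PR proposes (this is not code from the PR or from Blueprint), the following allowlist sanitizer reduces untrusted documentation HTML to a known set of tags and attributes before it is handed to dangerouslySetInnerHTML, so the PoC's onerror handler and javascript: URLs never reach the DOM. The tag and attribute lists are assumed defaults for docs content; a real build would use a maintained sanitizer such as DOMPurify, this minimal one only shows the principle.

```javascript
// Added example, not Blueprint's code: allowlist sanitizer to run over docs HTML
// before it is passed to dangerouslySetInnerHTML. Lists below are assumed defaults.
const ALLOWED_TAGS = new Set(["a", "b", "blockquote", "br", "code", "em", "h1", "h2",
  "h3", "i", "img", "li", "ol", "p", "pre", "strong", "table", "td", "th", "tr", "ul"]);
// "*" applies to every allowed tag; on* handlers and style appear in no list, so they drop.
const ALLOWED_ATTRS = { "*": ["class", "id", "title"], a: ["href"], img: ["src", "alt"] };
const URL_ATTRS = new Set(["href", "src"]);
// Relative URLs, fragments, http(s) and mailto pass; any other scheme is rejected.
const SAFE_URL = /^(?:https?:|mailto:|[^:]*$)/i;
const TAG_RE = /^<(\/?)([a-z][a-z0-9-]*)\s*([^>]*?)\s*\/?>/i;
const ATTR_RE = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
// Tags whose body is executable or embeds another document: drop body and tag.
const DROP_BODY = new Set(["script", "style", "iframe", "object", "embed"]);
const escapeAttr = (v) => v.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");

// Rebuild the attribute list, keeping only allowlisted names and re-quoting every value.
function sanitizeAttrs(tag, raw) {
  const allowed = new Set([...ALLOWED_ATTRS["*"], ...(ALLOWED_ATTRS[tag] || [])]);
  let out = "";
  for (const m of raw.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    if (!allowed.has(name)) continue;
    if (URL_ATTRS.has(name) && !SAFE_URL.test(value.trim())) continue;
    out += ` ${name}="${escapeAttr(value)}"`;
  }
  return out;
}

function sanitizeHtml(html) {
  let out = "";
  for (let i = 0; i < html.length; ) {
    const lt = html.indexOf("<", i);
    if (lt === -1) { out += html.slice(i); break; }
    out += html.slice(i, lt);
    const m = TAG_RE.exec(html.slice(lt));
    if (!m) { out += "&lt;"; i = lt + 1; continue; } // stray or unterminated "<" becomes text
    const [whole, closing, rawTag, rawAttrs] = m;
    const tag = rawTag.toLowerCase();
    i = lt + whole.length;
    if (ALLOWED_TAGS.has(tag)) {
      out += closing ? `</${tag}>` : `<${tag}${sanitizeAttrs(tag, rawAttrs)}>`;
    } else if (DROP_BODY.has(tag) && !closing) {
      const close = new RegExp(`</${tag}\\s*>`, "ig"); close.lastIndex = i;
      const end = close.exec(html);
      i = end ? end.index + end[0].length : html.length;
    } // any other disallowed tag is removed while its text content is kept
  }
  return out;
}
```

Applied to the PoC payload, `<img src='' onerror=alert(1)>` comes out as `<img src="">`.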
Thanks for your interest in palantir/blueprint, @gtsp233! Before we can accept your pull request, you need to sign our contributor license agreement - just visit https://cla.palantir.com/ and follow the instructions. Once you sign, I'll automatically update this pull request.
This is a developer build tool that is not exposed directly to end users (only developers building documentation sites). Why does this sanitization need to happen in the Blueprint package? If it's a concern for a downstream consumer, then perhaps @icedesign/richtext-renderer should do the sanitization?