Reproduction link
https://stackblitz.com/edit/angular-q2g3qd?file=src%2Fapp%2Fapp.component.ts
Steps to reproduce
Type <img src='x' onerror='alert(1)'> into the select's search input; the browser then shows an alert popup.
What is expected?
No browser dialog should appear.
What is actually happening?
A browser dialog appears.
Looking at the source, the syncMirrorWidth method in components/select/select-search.component.ts assigns to innerHTML unsafely; it should use textContent or renderer2.createText() instead.
fix(module:select): search prevents html injection (b100d94) - close NG-ZORRO#6209
fix(module:select): fix XSS vulnerabilities (#6222) (a393b89) - close #6209
How exactly was this fixed? Is upgrading to version 11.0.0 required?
mirrorDOM.innerHTML = this.renderer.createText(`${inputDOM.value} `);
The result of createText is an object, so this code causes the innerHTML of mirrorDOM to be '[object Text]'.
yangjunhan
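The two points raised above (the innerHTML sink in syncMirrorWidth, and the pitfall of assigning a Text node to innerHTML), as an added example that is not ng-zorro-antd's own code. FakeElement and the renderer object are constructed stand-ins so the three variants can be compared outside a browser; in a browser the same functions work on real elements.

```javascript
// Added example (not ng-zorro-antd code) modelling the syncMirrorWidth pattern:
// the search input's value is copied into a hidden mirror element so its
// rendered width can be measured. Three variants: the vulnerable innerHTML
// sink, the first attempted fix quoted above, and the textContent fix.

// Constructed stand-in for a DOM element so the example runs without a browser.
// It keeps the one property that matters here: an innerHTML setter runs the
// value through an HTML parser, so tags become child elements (and in a real
// browser an <img onerror=...> would then execute); textContent never parses.
class FakeElement {
  constructor() { this.children = []; this.text = ''; }
  set innerHTML(value) {
    const html = String(value); // the DOM coerces non-string values
    this.children = [...html.matchAll(/<([a-z][a-z0-9]*)[^>]*>/gi)].map(m => m[1].toLowerCase());
    this.text = html.replace(/<[^>]*>/g, '');
  }
  set textContent(value) { this.children = []; this.text = String(value); }
  get textContent() { return this.text; }
}

// Constructed stand-in for Angular's Renderer2.createText(): like a real DOM
// Text node, the returned object stringifies to '[object Text]'.
const renderer = { createText: (data) => ({ data, toString: () => '[object Text]' }) };

// 1. The vulnerable pattern from the issue: user input reaches an HTML sink.
function syncMirrorWidthUnsafe(mirror, inputValue) {
  mirror.innerHTML = `${inputValue} `;
  return mirror;
}

// 2. The first attempted fix quoted in the comments: a Text node assigned to
//    innerHTML is coerced to a string, so the mirror reads '[object Text]' and
//    the measured width is wrong (although no markup is parsed any more).
function syncMirrorWidthBrokenFix(mirror, inputValue) {
  mirror.innerHTML = renderer.createText(`${inputValue} `);
  return mirror;
}

// 3. The fix the issue asks for: textContent treats the value as plain text,
//    so the mirror shows the literal characters and no element is created.
function syncMirrorWidthSafe(mirror, inputValue) {
  mirror.textContent = `${inputValue} `;
  return mirror;
}

// The reproduction input from the issue. In a browser, pass
// document.createElement('span') to the functions instead of a FakeElement.
const PAYLOAD = "<img src='x' onerror='alert(1)'>";
```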