Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitize noscript to prevent copy and paste XSS #1147

Merged
merged 1 commit into from
Apr 26, 2024
Merged

Conversation

lewispb
Copy link
Member

@lewispb lewispb commented Apr 26, 2024

Specially crafted copy and pasted HTML can trigger an XSS (if there's no protective CSP).

I've added a test case for this, and fixed it by stripping noscript elements from copy and pasted HTML.

@afcapel afcapel merged commit 841ff19 into main Apr 26, 2024
1 check passed
@afcapel afcapel deleted the sanitize-noscript branch April 26, 2024 15:10
@afcapel
Copy link
Contributor

afcapel commented Apr 26, 2024

Thanks @lewispb 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants