New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sanitize template option for tooltip/popover plugins #28236

Merged

XhmikosR merged 3 commits into v4-dev from v4-dev-jo-sanitize

Feb 13, 2019

+454 −18

Member

Johann-S commented Feb 11, 2019 •

edited by bardiharborow

Loading

XSS was possible in the tooltip or popover data-template, data-content and data-title attributes.

Fixes CVE-2019-8331.

Johann-S added js v4 labels

Johann-S requested a review from a team as a code owner

February 11, 2019 21:00

Johann-S force-pushed the v4-dev-jo-sanitize branch from 3b200ed to 5b074dd Compare

February 11, 2019 21:23

markhalliwell suggested changes

View reviewed changes

js/src/tooltip.js Outdated Show resolved Hide resolved

js/src/tooltip.js Outdated Show resolved Hide resolved

site/docs/4.3/components/popovers.md Outdated Show resolved Hide resolved

js/src/tools/sanitizer.js Show resolved Hide resolved

js/src/tools/sanitizer.js Outdated Show resolved Hide resolved

js/src/tools/sanitizer.js Outdated Show resolved Hide resolved

js/src/tooltip.js Outdated Show resolved Hide resolved

Member

XhmikosR commented Feb 12, 2019

@MarkCarver: you need to tone down the discussion.

Johann-S force-pushed the v4-dev-jo-sanitize branch from cb1299a to 50b9795 Compare

February 12, 2019 09:39

Member Author

Johann-S commented Feb 12, 2019 •

edited

Loading

Ok things I have to do:

Update the docs
Sanitize title and content if html is at true
Not allowing sanitize to be set by data attributes in HTML

And I think it'll be good, do not hesite @MarkCarver if you have any feedbacks, I think I heard you 👍

Johann-S force-pushed the v4-dev-jo-sanitize branch 2 times, most recently from ae35b82 to e780c0a Compare

February 12, 2019 10:55

markhalliwell reviewed

View reviewed changes

js/src/tools/sanitizer.js Show resolved Hide resolved

markhalliwell reviewed

View reviewed changes

js/src/tools/sanitizer.js Show resolved Hide resolved

markhalliwell reviewed

View reviewed changes

js/src/tooltip.js Show resolved Hide resolved

markhalliwell reviewed

View reviewed changes

site/docs/4.3/getting-started/javascript.md Show resolved Hide resolved

markhalliwell reviewed

View reviewed changes

site/docs/4.3/getting-started/javascript.md Outdated Show resolved Hide resolved

markhalliwell commented Feb 12, 2019

I think the title option still needs to be sanitized, didn't see that in the latest code changes yet.

markhalliwell commented Feb 12, 2019

Not allowing sanitize to be set by data attributes in HTML

Not allowing sanitize or whiteList to be set by data attributes in HTML

Member Author

Johann-S commented Feb 12, 2019

The title is sanitized by the same methods which sanitized content

markhalliwell commented Feb 12, 2019

Ah, you're right. Forgot that BS4 added setElementContent.

Johann-S force-pushed the v4-dev-jo-sanitize branch 3 times, most recently from 2f8ab60 to e47107e Compare

February 12, 2019 13:23

markhalliwell reviewed

View reviewed changes

site/docs/4.3/getting-started/javascript.md Outdated Show resolved Hide resolved

markhalliwell commented Feb 12, 2019

Just that tiny doc nit, but other than that I think this looks good!

Ty and amazing work!

markhalliwell reviewed

View reviewed changes

site/docs/4.3/components/popovers.md Show resolved Hide resolved

Johann-S force-pushed the v4-dev-jo-sanitize branch from cbe3a32 to 0cd53fc Compare

February 12, 2019 13:42

XhmikosR force-pushed the v4-dev-jo-sanitize branch 3 times, most recently from f62e91f to 1bcb21a Compare

February 12, 2019 14:13

This was referenced Jun 2, 2022

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) 8maheshw/online-shopping-system#1

Open

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) timf-ghc-test/easybuggy#3

Open

bootstrap-3.0.0.min.js: 6 vulnerabilities (highest severity is: 6.1) - autoclosed opentok/OpenTok-PHP-SDK#301

Closed

CVE-2019-8331 (Medium) detected in github.com/bugsnag/bugsnag-go-v1.5.3 - autoclosed Gal-Doron/operator-registry#13

Closed

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) tidharmws/easybuggy#3

Open

mend-app bot mentioned this pull request

bootstrap-3.1.1.min.js: 6 vulnerabilities (highest severity is: 6.1) ghe-phil/WebGoat#13

Open

This was referenced Jun 8, 2022

CVE-2019-8331 (Medium) detected in bootstrap-4.0.0.min.js Augmented-Software/twitchGamePanel#225

Open

bootstrap-3.3.6.min.js: 6 vulnerabilities (highest severity is: 6.1) classicvalues/classicvalues-website-update#64

Closed

mend-for-github-com bot mentioned this pull request

bootstrap-4.0.0-beta.min.js: 2 vulnerabilities (highest severity is: 6.1) opentok/opentok-elearning-samples#22

Open

This was referenced Aug 9, 2022

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) sureng-ghe-aws-demo/easybuggy-private#3

Open

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) sureng-ghe-aws-demo/easybuggy-pvt#3

Open

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) sureng-ghe-aws-demo/easybuggy-jfrog#3

Open

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) sureng-ghe-aws-demo/easyb-private#3

Open

Kendzione mentioned this pull request

Old Bootstrap v3.3.7 phpipam/phpipam#3740

Open

ghe-v2 bot mentioned this pull request

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) jesse-ghe-2/easybuggy#5

Open

AASMACMX mentioned this pull request

CVE-2019-8331 @ Npm-bootstrap-3.1.1 CxDemoInABoxRepos/Java-Webgoat#228

Open

This was referenced Mar 31, 2023

bootstrap-3.1.1.min.js: 6 vulnerabilities (highest severity is: 6.1) wssbanana2/WebGoat#7

Open

bootstrap-3.3.7.jar: 6 vulnerabilities (highest severity is: 6.1) wssbanana2/WebGoat#13

Open

mend-local-app bot mentioned this pull request

bootstrap-3.3.7.min.js: 5 vulnerabilities (highest severity is: 6.5) amaybaum-local/EasyBuggy6#2

Open

AASMACMX mentioned this pull request

CVE-2019-8331 @ Npm-bootstrap-3.1.1 CxDemoInABoxRepos/Java-Webgoat#491

Open

AASMACMX mentioned this pull request

CVE-2019-8331 @ Npm-bootstrap-3.1.1 CxDemoInABoxRepos/Java-Webgoat#793

Open

This was referenced Sep 28, 2023

CVE-2019-8331 (Medium) detected in bootstrap-3.3.7.min.js - autoclosed Mend-JoshN-GHE-SAST/easybuggy#24

Closed

bootstrap-3.3.7.min.js: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/easybuggy#59

Open

This was referenced Oct 16, 2023

bootstrap-3.3.7.jar: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/WebGoat#6

Open

bootstrap-3.1.1.min.js: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/WebGoat#14

Open

mend-app-sh bot mentioned this pull request

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) jorgerdemocorp-mend-selfhosted/EasyBuggyForTesting#3

Open

dimagwhitesourceapp bot mentioned this pull request

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) Dima2022/easybuggy#2

Open

This was referenced Feb 15, 2024

bootstrap-3.3.7.min.js: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/easybuggy3#2

Open

bootstrap-3.3.7.min.js: 5 vulnerabilities (highest severity is: 6.1) Mend-JoshN-GHE-SAST/easybuggy4#26

Open

dimagwhitesourceapp bot mentioned this pull request

bootstrap-3.3.7.min.js: 6 vulnerabilities (highest severity is: 6.1) Dima2022/easybuggy2#2

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels