
[WO-03-002] Fix Insecure Regex Usage on DOMPurify Sanitizer Output (Medium)

master
Tankred Hase 8 years ago
parent
commit
246d19b76e
  1. 3
      .jshintrc
  2. 4
      package.json
  3. 23
      src/js/controller/app/read-sandbox.js

3
.jshintrc

@ -46,7 +46,8 @@ @@ -46,7 +46,8 @@
"Lawnchair",
"_",
"openpgp",
"PhoneNumber"
"PhoneNumber",
"DOMPurify"
],
"globals": {}

4
package.json

@ -39,7 +39,7 @@ @@ -39,7 +39,7 @@
"browsersmtp": "https://github.com/whiteout-io/browsersmtp/tarball/master",
"chai": "~1.9.2",
"crypto-lib": "~0.2.1",
"dompurify": "~0.4.2",
"dompurify": "~0.6.3",
"grunt": "~0.4.1",
"grunt-angular-templates": "~0.5.7",
"grunt-autoprefixer": "~0.7.2",
@ -78,4 +78,4 @@ @@ -78,4 +78,4 @@
"assemble": "~0.4.42",
"handlebars-helper-compose": "~0.2.12"
}
}
}

23
src/js/controller/app/read-sandbox.js

@ -1,5 +1,13 @@ @@ -1,5 +1,13 @@
'use strict';
// add DOMPurify hook to sanitze attributes
DOMPurify.addHook('afterSanitizeAttributes', function(node) {
// open all links in a new window
if ('target' in node) {
node.setAttribute('target', '_blank');
}
});
// set listener for event from main window
window.onmessage = function(e) {
var html = '';
@ -13,19 +21,16 @@ window.onmessage = function(e) { @@ -13,19 +21,16 @@ window.onmessage = function(e) {
}
// sanitize HTML content: https://github.com/cure53/DOMPurify
html = window.DOMPurify.sanitize(html);
// make links open in a new window
html = html.replace(/<a /g, '<a target="_blank" ');
// remove sources where necessary
if (e.data.removeImages) {
html = html.replace(/(<img[^>]+\b)src=['"][^'">]+['"]/ig, function(match, prefix) {
return prefix;
// remove http leaks
document.body.innerHTML = DOMPurify.sanitize(html, {
FORBID_TAGS: ['style', 'svg', 'audio', 'video'],
FORBID_ATTR: ['src']
});
} else {
document.body.innerHTML = DOMPurify.sanitize(html);
}
document.body.innerHTML = html;
attachClickHandlers();
};
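Review bot: The new `afterSanitizeAttributes` hook forces `target="_blank"` on every node that has a `target` property but sets no `rel`, so a link in the sanitized mail body opens a page that keeps a `window.opener` reference back to the sandbox document; add `node.setAttribute('rel', 'noopener noreferrer');` next to the `target` line. In the `removeImages` branch only the `src` attribute and the `style` element are forbidden, so remote references carried by `srcset`, `poster` or `url()` inside a `style` attribute would still reach `innerHTML` if DOMPurify 0.6.3 passes them through — worth checking against its default allow-list and extending `FORBID_ATTR` accordingly. The `onmessage` handler's body between the two hunks is outside the diff, so it is not visible here whether `e.origin` is validated before `e.data` is trusted. Minor: the hook comment reads `sanitze`; `// add DOMPurify hook to sanitize attributes`.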
