1
0
mirror of https://github.com/moparisthebest/mail synced 2024-11-24 18:02:15 -05:00

[WO-03-002] Fix Insecure Regex Usage on DOMPurify Sanitizer Output (Medium)

This commit is contained in:
Tankred Hase 2015-04-17 20:32:34 +02:00
parent 55406cf7e8
commit 246d19b76e
3 changed files with 18 additions and 12 deletions

View File

@ -46,7 +46,8 @@
"Lawnchair", "Lawnchair",
"_", "_",
"openpgp", "openpgp",
"PhoneNumber" "PhoneNumber",
"DOMPurify"
], ],
"globals": {} "globals": {}

View File

@ -39,7 +39,7 @@
"browsersmtp": "https://github.com/whiteout-io/browsersmtp/tarball/master", "browsersmtp": "https://github.com/whiteout-io/browsersmtp/tarball/master",
"chai": "~1.9.2", "chai": "~1.9.2",
"crypto-lib": "~0.2.1", "crypto-lib": "~0.2.1",
"dompurify": "~0.4.2", "dompurify": "~0.6.3",
"grunt": "~0.4.1", "grunt": "~0.4.1",
"grunt-angular-templates": "~0.5.7", "grunt-angular-templates": "~0.5.7",
"grunt-autoprefixer": "~0.7.2", "grunt-autoprefixer": "~0.7.2",

View File

@ -1,5 +1,13 @@
'use strict'; 'use strict';
// add DOMPurify hook to sanitze attributes
DOMPurify.addHook('afterSanitizeAttributes', function(node) {
// open all links in a new window
if ('target' in node) {
node.setAttribute('target', '_blank');
}
});
// set listener for event from main window // set listener for event from main window
window.onmessage = function(e) { window.onmessage = function(e) {
var html = ''; var html = '';
@ -13,19 +21,16 @@ window.onmessage = function(e) {
} }
// sanitize HTML content: https://github.com/cure53/DOMPurify // sanitize HTML content: https://github.com/cure53/DOMPurify
html = window.DOMPurify.sanitize(html);
// make links open in a new window
html = html.replace(/<a /g, '<a target="_blank" ');
// remove sources where necessary
if (e.data.removeImages) { if (e.data.removeImages) {
html = html.replace(/(<img[^>]+\b)src=['"][^'">]+['"]/ig, function(match, prefix) { // remove http leaks
return prefix; document.body.innerHTML = DOMPurify.sanitize(html, {
FORBID_TAGS: ['style', 'svg', 'audio', 'video'],
FORBID_ATTR: ['src']
}); });
} else {
document.body.innerHTML = DOMPurify.sanitize(html);
} }
document.body.innerHTML = html;
attachClickHandlers(); attachClickHandlers();
}; };