Commit
This mitigates an XSS vulnerability reported by [The NAVEX Project](https://sisl.lab.uic.edu/projects/chess/) where if an attachment is uploaded via Draft AJAX, the filename stored/returned in the response is not sanitized. This updates `DraftAjaxAPI::_uploadInlineImage()` to sanitize the filename before it's returned in the JSON encoded response. This also updates `AttachmentFile::format()` to sanitize the filename before saving to the backend. In addition this forces the `application/json` Content-Type on all AJAX responses that return strictly JSON; this adds another layer of protection.
Showing 4 changed files with 12 additions and 1 deletion.
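As an added illustration (not osTicket's own code), the sketch below shows the two layers the commit message describes: sanitizing an uploaded filename before it is stored or JSON-encoded, and forcing the `application/json` Content-Type so a browser treats the body as data rather than a document. The function names and the sample filename are assumptions for this example.

```php
<?php
// Added illustration, not osTicket's code. Function names and sample input are constructed.

// Strip markup and control characters from an uploaded filename and escape what
// remains, so that neither the stored name nor its JSON echo can carry HTML.
function sanitizeFilename(string $name): string {
    $name = strip_tags($name);                              // drop any <...> tags
    $name = preg_replace('/[\x00-\x1F\x7F]/', '', $name);   // drop control characters
    return htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Emit a strictly-JSON response with a forced Content-Type. This is the second
// layer: even if a value slipped through unsanitized, the browser is told the
// body is JSON, and nosniff stops it from guessing HTML instead.
function jsonResponse(array $payload): void {
    header('Content-Type: application/json; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
    // The JSON_HEX_* flags encode <, >, &, ' and " as \uXXXX escapes as a further
    // defence if the output is ever embedded in an HTML context by mistake.
    echo json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

// Constructed sample: a filename that carries markup, as an attachment name might.
$uploaded = "invoice<b>2024</b>.pdf";
jsonResponse(['filename' => sanitizeFilename($uploaded)]);
```

Because `header()` must run before any output, this pattern belongs at the top of the AJAX handler, before anything is echoed.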