
fix: [security] Fix persistent xss due to invalid sanitisation of image names in titles

- triggered by expanding a screenshot

- as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
iglocska committed May 7, 2019
1 parent 6f6fb67 commit 62f15433e42fb92e45bd57dd6fc0c0bf53deb6fc
Showing with 3 additions and 1 deletion.
  1. +3 −1 app/webroot/js/misp.js
@@ -97,7 +97,9 @@ function screenshotPopup(url, title) {
if (!url.startsWith('data:image/')) {
url = url.slice(0, -1);
}
popupHtml = '<it class="fa fa-spin fa-spinner" style="font-size: xx-large; color: white; position: fixed; left: 50%; top: 50%;"></it>'
popupHtml = '<it class="fa fa-spin fa-spinner" style="font-size: xx-large; color: white; position: fixed; left: 50%; top: 50%;"></it>';
url = $('<div>').text(url).html();
title = $('<div>').text(title).html();
popupHtml += '<img class="screenshot_box-content hidden" src="' + url + '" id="screenshot-image" title="' + title + '" alt="' + title + '" onload="$(this).show(); $(this).parent().find(\'.fa-spinner\').remove();"/>';
popupHtml += '<div class="close-icon useCursorPointer" onClick="closeScreenshot();"></div>';
if (!url.startsWith('data:image/')) {
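
Review bot: The `$('<div>').text(...).html()` escaping applied to `url` and `title` is only safe for text-node context, but both values are concatenated into double-quoted `src`, `title` and `alt` attributes on the `<img>` line that follows. Serialising a text node encodes `&`, `<` and `>` and leaves `"` as it is, so an image name containing a double quote still ends the attribute early. I would build the element with jQuery and set the values through `.attr({src: url, title: title, alt: title})` instead of string concatenation, or at minimum also encode `"` and `'` before inserting them. Moving the inline `onload` handler to a `.on('load', ...)` binding at the same time would keep all untrusted data out of the HTML string. Minor: the spinner uses an `<it>` tag in both the old and new line, which looks like a typo for `<i>`.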
