SECURITY: Sanitize d-popover attributes (#13958)
nbianca committed Aug 5, 2021
1 parent bb2c48b commit 3819942
Showing 3 changed files with 9 additions and 8 deletions.
8 changes: 1 addition & 7 deletions app/assets/javascripts/discourse/app/lib/d-popover.js
Expand Up @@ -16,8 +16,7 @@ const D_ARROW_HEIGHT = 10;

const D_HORIZONTAL_MARGIN = 5;

export const POPOVER_SELECTORS =
"[data-html-popover], [data-html-tooltip], [data-popover], [data-tooltip]";
export const POPOVER_SELECTORS = "[data-popover], [data-tooltip]";

export function hidePopover() {
getPopover().fadeOut().remove();
Expand Down Expand Up @@ -55,11 +54,6 @@ export function showPopover(event, options = {}) {
}

function setPopoverHtmlContent($enteredElement, content) {
content =
content ||
$enteredElement.attr("data-html-popover") ||
$enteredElement.attr("data-html-tooltip");

replaceHtmlContent($enteredElement, content);
}

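Review bot: `setPopoverHtmlContent` still hands `content` straight to `replaceHtmlContent` as raw HTML, and now that the `data-html-popover`/`data-html-tooltip` fallback is gone the only remaining protection is that every caller supplies trusted, app-generated markup, which nothing in the new code states. I would add above the `replaceHtmlContent` call: `// content is injected as raw HTML; it must come from application code, never from cooked post/user markup (the data-html-* attribute path was removed for that reason)`. Note also that `content` can now be `undefined` when a caller passes none, so `replaceHtmlContent($enteredElement, undefined)` is reached where the attribute fallback previously tended to supply a value; whether that helper tolerates it is not visible here, so a guard such as `if (!content) { return; }` may be warranted. `showPopover` (closed by the `}` that opens the second hunk) and the rest of the module begin and end outside these hunks.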
Expand Up @@ -136,6 +136,11 @@ module("Unit | Utility | sanitizer", function () {
);

cooked(`<div dir="rtl">RTL text</div>`, `<div dir="rtl">RTL text</div>`);

cooked(
`<div data-value="<something>" data-html-value="<something>"></div>`,
`<div data-value="&lt;something&gt;"></div>`
);
});

test("ids on headings", function (assert) {
4 changes: 3 additions & 1 deletion app/assets/javascripts/pretty-text/addon/sanitizer.js
Expand Up @@ -75,7 +75,9 @@ export function sanitize(text, allowLister) {
if (
(forAttr &&
(forAttr.indexOf("*") !== -1 || forAttr.indexOf(value) !== -1)) ||
(name.indexOf("data-") === 0 && forTag["data-*"]) ||
(name.indexOf("data-html-") === -1 &&
name.indexOf("data-") === 0 &&
forTag["data-*"]) ||
(tag === "a" &&
name === "href" &&
hrefAllowed(value, extraHrefMatchers)) ||
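Review bot: The new `name.indexOf("data-html-") === -1` test at the head of the added clause is a substring check rather than a prefix check, so an attribute like `data-x-data-html-y` is dropped too; that fails closed, but the intent (mirroring the `data-html-*` selectors the companion change removes) is a prefix, which `(name.startsWith("data-") && !name.startsWith("data-html-") && forTag["data-*"]) ||` states directly, if the file's browser targets allow `startsWith`. The comparison is also case-sensitive, so if attribute names can reach this point without being lower-cased upstream, `DATA-HTML-POPOVER` would still pass the wildcard; worth confirming where `name` is normalised. Note too that the carve-out only applies to the `data-*` wildcard branch, so an explicit per-attribute allow-list entry on the preceding `forAttr` line would still admit a `data-html-*` attribute, which is presumably intended but should be deliberate. A one-line comment such as `// data-html-* is excluded from the wildcard: front-end code injects those attribute values as raw HTML` would explain the exception to the next reader; the `if` belongs to `sanitize`, whose body starts and ends outside this hunk.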
