Skip to content

JS: More precise type-test sanitizer guards in unsafe-html-construction #12177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 27, 2023
Merged

JS: More precise type-test sanitizer guards in unsafe-html-construction #12177

merged 3 commits into from
Feb 27, 2023

Conversation

erik-krogh
Copy link
Contributor

@erik-krogh erik-krogh commented Feb 13, 2023
edited
Loading

CVE-2021-32850: TP
CVE-2022-30241: TP
CVE-2021-32860: TP
CVE-2021-41183: TP

The TypeTestSanitizer was a bit aggresive, it removed a bunch of TPs.
This PR makes the modelling of objects more precise in the unsafe-html-construction query.

Evaluation was uneventful.

@github-actions github-actions bot added the JS label Feb 13, 2023
@erik-krogh erik-krogh force-pushed the alias-html branch 2 times, most recently from 4bd36f4 to 8750a9b Compare February 14, 2023 15:44
@erik-krogh erik-krogh changed the title JS: Add more alias steps JS: Add more alias steps to unsafe-html-construction Feb 14, 2023
@erik-krogh erik-krogh added the no-change-note-required This PR does not need a change note label Feb 14, 2023
@erik-krogh erik-krogh marked this pull request as ready for review February 14, 2023 22:30
@erik-krogh erik-krogh requested a review from a team as a code owner February 14, 2023 22:30
@erik-krogh erik-krogh marked this pull request as draft February 15, 2023 11:52
@erik-krogh erik-krogh changed the title JS: Add more alias steps to unsafe-html-construction JS: More precise type-test sanitizer guards in unsafe-html-construction Feb 15, 2023
@erik-krogh erik-krogh marked this pull request as ready for review February 15, 2023 20:41
@calumgrant calumgrant requested a review from alexrford February 20, 2023 09:38
alexrford
alexrford previously approved these changes Feb 22, 2023
View reviewed changes
Copy link
Contributor

@alexrford alexrford left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@erik-krogh erik-krogh requested a review from a team as a code owner February 27, 2023 08:16
@erik-krogh erik-krogh requested a review from alexrford February 27, 2023 08:16
@erik-krogh
Copy link
Contributor Author

Had to do a merge to fix a conflict in an expected file.
@alexrford can I get a re-approve?

@erik-krogh erik-krogh merged commit 50aa5e0 into github:main Feb 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexrford alexrford alexrford approved these changes

Assignees
No one assigned
Labels
JS no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erik-krogh @alexrford