fix(addons): Fix XSS vulnerabilities in Table and tts-utils (#885)
* sanitize Wiris response against XSS in the Wiris addon

* added tests

* fix(addons): Fix XSS vulnerabilities in Table addon and tts-utils

Co-authored-by: Maciej Zawłocki <mzawlocki@solwit.com>
Co-authored-by: maciej-zawlocki-solwit <34648176+maciej-zawlocki-solwit@users.noreply.github.com>
3 people committed Dec 9, 2022
1 parent 62cf51b commit fa78596
Showing 3 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion addons/Commons/src/tts-utils.js
@@ -196,7 +196,7 @@
var breakText = this.statics.breakText;

$clone.find('img[alt]').each(function(){
var altText = $(this).attr('alt');
var altText = window.xssUtils.sanitize($(this).attr('alt'));
$('<span>' + breakText + '</span>').insertBefore($(this));
$('<span>' + breakText + '</span>').insertAfter($(this));
$('<span>' + altText + '</span>').insertAfter($(this));
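Review bot: the sanitized alt text is still interpolated into an HTML string on the last line, `$('<span>' + altText + '</span>').insertAfter($(this));`, so safety rests entirely on what `window.xssUtils.sanitize` strips; building the node as `$('<span>').text(altText)` would set the value as a text node and remove the injection path regardless of the sanitizer's coverage. The hunk also calls `window.xssUtils.sanitize` with no guard, so if the global is not loaded before tts-utils runs this line throws instead of degrading; a short comment on where `xssUtils` is defined would help future readers.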
2 changes: 1 addition & 1 deletion addons/Table/src/presenter.js
@@ -133,7 +133,7 @@ function AddonTable_create() {
$(presenter.$view).find('input').each(function () {
$(this).replaceWith(
generateMathGap(
$(this).attr('id'),
window.xssUtils.sanitize($(this).attr('id')),
presenter.configuration.gapWidth.value
)
);
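Review bot: passing `window.xssUtils.sanitize($(this).attr('id'))` into `generateMathGap` only helps if `generateMathGap` (not shown in this hunk) concatenates the id into markup; if it does, the same construction via `.attr('id', ...)` on a created element would avoid string-built HTML altogether. It is also worth confirming that `sanitize` leaves every legitimate gap id unchanged, since an id that is escaped or rewritten here may no longer match the id the rest of the addon uses to look the gap up later.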
1 change: 1 addition & 0 deletions changelog.txt
@@ -1,3 +1,4 @@
2022-12-09 Fixed XSS vulnerabilities in Table and tts-utils
2022-12-09 Fixed XSS vulnerabilities in some addons
2022-12-08 Fixed script and module-script asset getting relative urls when not appropriate
2022-11-28 Added ModuleScript property
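Review bot: the new entry "2022-12-09 Fixed XSS vulnerabilities in Table and tts-utils" sits directly above an existing same-day entry "2022-12-09 Fixed XSS vulnerabilities in some addons", so the two read as near-duplicates; either fold the new line into the existing one or name the affected addons in both, and consider citing the PR (#885) so the changelog points at the diff.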