fix(FEC-11791): share url has cross-site scripting vulnerability (#4255)
**description of the issue:**
when share plugin is enabled for the player, the share url is not being sanitized, which exposes a security vulnerability.

**the solution:**
sanitizing encoded and decoded share url.

Solves FEC-11791
lianbenjamin committed Jan 3, 2022
1 parent 50cfaa5 commit 4f11b6f
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion modules/KalturaSupport/components/share/share.js
@@ -616,7 +616,8 @@
res = document.URL;
}
}
return res;
var sanitized = kWidget.sanitize(decodeURIComponent(res));
return encodeURIComponent(sanitized);
}
// -------------- finish setup player url according to the socialShareURL flashvar ------- //
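
Review bot: `decodeURIComponent(res)` on the first added line throws a `URIError` when `res` contains a malformed percent sequence, and in the `res = document.URL;` branch just above, `res` is whatever address the embedding page was loaded with, so one stray `%` turns this fix into an unhandled exception during share URL setup. Wrap the decode in a try/catch and, on failure, sanitize `res` as-is or return an empty value. Separately, the return contract changes from the raw `res` to `encodeURIComponent(sanitized)`: a `document.URL` value was never component-encoded to begin with, so callers that used to receive a plain URL now get a fully percent-encoded string, and any escapes that were legitimately part of the original URL are decoded and re-encoded along the way. Please confirm every caller expects an encoded value, and add a comment above the `return` stating which form this function returns. A regression test covering an encoded input, a plain input, and an input with an invalid escape would pin the behaviour down.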
