bleach.clean() on junk/malicious content produces gibberish

[byashimov]

I had a XSS on my website:

a = u"""""><iframe/onload=alert(/XSS/)
ejgirjrigjifjifhrhgijsvishguhisuhhshuxnuesneuschhhhhhhhhhhs 
""><iframe/onload=alert(/XSS/)Секреты покраски
Для наилучшего результата вам потребуется нанести несколько слоев, <div></div>"""

print bleach.clean(a)
""&gt;&lt;iframe onload="alert(/XSS/)" ejgirjrigjifjifhrhgijsvishguhisuhhshuxnuesneuschhhhhhhhhhhs="" ""=""&gt;&lt;iframe onload="alert(/XSS/)Секреты" покраски="" Для="" наилучшего="" результата="" вам="" потребуется="" нанести="" несколько="" слоев,="" &lt;div=""&gt;&lt;/div&gt;

Every word becomes an html attribute.
Latest bleach from pypi is used.
UPD: updated the string, missed extra quote.

[willkg]

What version of html5lib are you using?

[byashimov]

Should I? I just typed pip install bleach and use it.

[willkg]

bleach uses html5lib for parsing html bits out. Knowing the version of html5lib and python, too, helps narrow things down to a test case.

[byashimov]

No problema:

$ pip freeze | grep html5  
html5lib==0.9999999
$ python -V
Python 2.7.11

It also OS X 10.11.5.

[willkg]

Can you walk through the rest of the attack vector and how this became an xss?

[jsocol]

I don't believe this actually an XSS vector because no HTML elements will end up rendered on the page. All of the < / > get properly escaped to < / >

[jsocol]

Also, if you believe you have found an active security vulnerability, please follow the guidelines in the README for reporting it. Publicly disclosing unpatched vulnerabilities puts everyone at risk.

[byashimov]

@jsocol this is an XSS though it is properly removed by bleach.clean(foo, strip=True). But clean also modifies the source text which is unexpected.

[willkg]

@byashimov Given that you really think this is XSS, I need you to report this via our security process. There's not enough information in this bug as is for me to do anything and I'm loathe to continue asking questions to understand the issue in public like this.

See https://github.com/mozilla/bleach/#reporting-bugs for the process.

Given that, I'm going to close this out.

Thank you for reporting!

[willkg]

I misunderstood this issue and thought it was reporting an XSS vector that occurs with the output of bleach.clean(). That's not the case, though.

I'm rescoping this issue to this statement of the original issue description:

Every word becomes an html attribute.

[willkg]

So... my opinion of this is that given the input is junk/malicious, I'm not sure why it's important that the output of bleach.clean() needs to be readable. What is there to be read if it's known junk/malicious?

Beyond that, I don't have an opinion. I suspect that the output is the result of trying to sanitize junk/malicious HTML using the parsing algorithm we're using. I don't know offhand whether we could make it "better".

Given the nature of the issue, I'm not sure it makes sense for me to spend time on it, but if someone else is interested, I'm game for looking at the results of their efforts.