Skip to content

Commit

Permalink
Updated for proper <style> tag validation
Browse files Browse the repository at this point in the history
Validated <style> tag attributes to fix style tag XSS in MagixSAXFilter.java
  • Loading branch information
vivekchsm committed Dec 19, 2016
1 parent 90550e4 commit 7313931
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions src/main/java/org/owasp/validator/html/scan/MagicSAXFilter.java
Original file line number Diff line number Diff line change
Expand Up @@ -271,11 +271,6 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations

boolean isStyle = "style".endsWith(element.localpart);

if (isStyle) {
this.operations.push(Ops.CSS);
cssContent = new StringBuffer();
cssAttributes = attributes;
} else {
// validate all attributes, we need to do this now to find out
// how to deal with the element
boolean removeTag = false;
Expand Down Expand Up @@ -352,6 +347,10 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations

if (removeTag) {
this.operations.push(Ops.REMOVE);
} else if (isStyle) {
this.operations.push(Ops.CSS);
cssContent = new StringBuffer();
cssAttributes = validattributes;
} else if (filterTag) {
this.operations.push(Ops.FILTER);
} else {
Expand All @@ -368,7 +367,7 @@ public void startElement(QName element, XMLAttributes attributes, Augmentations

this.operations.push(Ops.KEEP);
}
}

} else if (tag.isAction( "truncate")) {
this.operations.push(Ops.TRUNCATE);
} else {
Expand Down

1 comment on commit 7313931

@YAOY32
Copy link

@YAOY32 YAOY32 commented on 7313931 Aug 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The XSS vulnerability has been fixed with the fix style tag. Bypassing library protection and providing executable code by submitting a specially crafted input (a tag that supports a style with active content).

Please sign in to comment.