Skip to content


Browse files Browse the repository at this point in the history
xss: Stored XSS/Domain Whitelist Bypass
This mitigates a vulnerability reported by haxatron on
[]( where one can bypass the Domain Whitelist
and potentially store XSS via iFrame tags. This adds a new section to the
iFrame REGEX that checks for `@` and denies the iFrame if exists.
  • Loading branch information
JediKev committed Oct 7, 2021
1 parent e90d3be commit 4b4da5b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion include/class.format.php
Expand Up @@ -341,7 +341,7 @@ function safe_html($html, $options=array()) {
$config['elements'] = '*+iframe';
$config['spec'] = 'iframe=-*,height,width,type,style,src(match="`^(https?:)?//(www\.)?('
.implode('|', $whitelist)
.')/?`i"),frameborder'.($options['spec'] ? '; '.$options['spec'] : '').',allowfullscreen';
.')/?([^@]*)$`i"),frameborder'.($options['spec'] ? '; '.$options['spec'] : '').',allowfullscreen';

return Format::html($html, $config);
Expand Down

0 comments on commit 4b4da5b

Please sign in to comment.