[core] JS Injection/XSS Vulnerability in SetClipboardText #2954
Comments
That's a good catch with respect to URLs. Will %-encoding get around this protection though?
Hi @orcmid, not so much %-encoding; the problem is in breaking out of the
@spaceraccoon thank you very much for reporting! I'm reviewing it right now, at least a basic solution not implying generating new string data, like in
WARNING: Please, read this note carefully before submitting a new issue:
It is important to realise that this is NOT A SUPPORT FORUM, this is for reproducible BUGS with raylib ONLY.
There are lots of generous and helpful people ready to help you out on raylib Discord forum or raylib reddit.
Remember that asking for support questions here actively takes developer time away from improving raylib.
Please, before submitting a new issue verify and check:
Issue description
The `SetClipboardText` API is vulnerable to JavaScript injection/cross-site scripting for the web platform because it does not properly escape the `'` character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via `emscripten_run_script`.
If `text` contains something like `');alert()//`, the browser would also execute the `alert()` function.
I noticed that `OpenUrl` already implements a check for this but it is missing for `SetClipboardText`.
This is a good start and prevented `OpenUrl` from being exploited. I recommend adding a sanitization function to escape any `'` characters instead for all 5 calls to `emscripten_run_script`: https://github.com/search?q=repo%3Araysan5%2Fraylib+emscripten_run_script&type=code.
Environment
Provide your Platform, Operating System, OpenGL version, GPU details where you experienced the issue.
Web
Issue Screenshot
If possible, provide a screenshot that illustrates the issue. Usually an image is better than a thousand words.
Code Example
Uploading raylib-game-template.zip…
Provide minimal reproduction code to test the issue. Please, format the code properly and try to keep it as simple as possible, just focusing on the experienced issue.
`SetClipboardText("asd');alert('fizz');//");` in `int main(void)` in `raylib-game-template/src/raylib_game.c` to simulate `SetClipboardText` being called with malicious user input.
`make PLATFORM=PLATFORM_WEB` then browse to the hosted `raylib_game.html`. The alert box will pop.
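A sanitization function of the kind recommended in the issue could look like the following. This is an added example, not raylib's code or the reporter's patch: `js_escape_single_quoted`, `build_clipboard_script` and the `navigator.clipboard.writeText('%s')` template are assumptions made for illustration. It escapes the backslash as well as `'`, because escaping only the quote lets an input of `\'` turn into `\\'` and still terminate the string.

```c
#include <stdio.h>
#include <string.h>

// Escape src for use inside a single-quoted JavaScript string literal.
// Returns bytes written (excluding NUL), or -1 if dst is too small.
int js_escape_single_quoted(const char *src, char *dst, size_t dstSize)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dstSize == 0) return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p != '\0'; p++)
    {
        char seq[4];
        size_t n;

        if (*p == '\\' || *p == '\'' || *p == '"')
        {
            // Escape the backslash too, so a backslash-quote pair in the input cannot close the string
            seq[0] = '\\'; seq[1] = (char)*p; n = 2;
        }
        else if (*p < 0x20 || *p == 0x7f)
        {
            // A raw line break is a syntax error inside the literal; emit control bytes as \xHH
            seq[0] = '\\'; seq[1] = 'x'; seq[2] = hex[*p >> 4]; seq[3] = hex[*p & 0x0f]; n = 4;
        }
        else { seq[0] = (char)*p; n = 1; }

        if (o + n >= dstSize) return -1;    // Fail closed; never emit half an escape
        memcpy(dst + o, seq, n);
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

// Build the script text. The JavaScript template is an assumed stand-in for the real call site.
int build_clipboard_script(const char *text, char *out, size_t outSize)
{
    char escaped[512];
    int n;

    if (js_escape_single_quoted(text, escaped, sizeof(escaped)) < 0) return -1;
    n = snprintf(out, outSize, "navigator.clipboard.writeText('%s')", escaped);
    return (n < 0 || (size_t)n >= outSize) ? -1 : n;
}

int main(void)
{
    char script[1024];
    // Input string taken from the issue's reproduction step
    if (build_clipboard_script("asd');alert('fizz');//", script, sizeof(script)) > 0) puts(script);
    return 0;
}
```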