Potential XSS issue in the stylesheets #1

Andreas-Hjortland · 2020-03-09T09:24:37Z

First of all I must thank you for learning me an awesome trick that I didn't know about =)

I noticed that you are inserting the style tag as raw HTML with potentially unescaped parameters. Granted it is not likely this will be exploitable since the web page will need to allow users to set the class name, or any of the drop shadow parameters for this to be exploitable, but it is also relatively simple to fix it.

The fix is replacing

document.head.insertAdjacentHTML('beforeend', `<style>
styles here...
</style>`);

with

const styles = document.createElement('style');
styles.textContent = `
styles here...
`;
document.head.appendChild(styles);

I have attached a JSfiddle here which shows how you can exploit it... Just hit the submit button and you will get an alert.

robinloeffel · 2020-03-09T13:43:34Z

Love it, fixed in 62a8108!

Thank you for taking the time and looking through the source!

robinloeffel self-assigned this Mar 9, 2020

robinloeffel added the enhancement New feature or request label Mar 9, 2020

robinloeffel closed this as completed in 62a8108 Mar 9, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Potential XSS issue in the stylesheets #1

Potential XSS issue in the stylesheets #1

Andreas-Hjortland commented Mar 9, 2020 •

edited

robinloeffel commented Mar 9, 2020

Potential XSS issue in the stylesheets #1

Potential XSS issue in the stylesheets #1

Comments

Andreas-Hjortland commented Mar 9, 2020 • edited

robinloeffel commented Mar 9, 2020

Andreas-Hjortland commented Mar 9, 2020 •

edited