fix: sanitize CLI plugin descriptions to prevent HTML/script injection#2532
Merged
Conversation
The CLI plugins list page is generated at build time by querying GitHub
for repos tagged with the `stellar-cli-plugin` topic and injecting each
repo's description verbatim into MDX. Because MDX renders HTML/JSX, an
attacker-controlled repo description containing a <script> tag executes
in visitors' browsers (stored XSS).
A repo (haqnawaz03329-debug/haqnawaz) exploited this with a description
of `<script>alert('Website Hacked by Haq Nawaz!')</script>`, surfacing a
popup on the published plugins-list page.
Escape HTML/MDX-significant characters (& < > { }) in all injected
GitHub fields, run URLs through encodeURI, and exclude the offending
repo. Anyone can self-tag a repo with the topic, so sanitization is the
durable fix.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
briwylde08
approved these changes
Jun 25, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Hardens the build-time generator for the Stellar CLI plugins list page by ensuring attacker-controlled GitHub repository metadata can’t inject executable HTML/JSX into the generated MDX.
Changes:
- Add a
sanitize()helper to escape HTML/MDX-significant characters in injected GitHub fields. - Encode GitHub repository URLs before inserting them into MDX links.
- Add the known offending repository to
excludePluginsas a belt-and-suspenders measure.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Preview is available here: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The CLI plugins list page (
/docs/tools/cli/plugins-list) is generated at build time byscripts/stellar_cli_plugins.mjs, which queries GitHub for any repo tagged with thestellar-cli-plugintopic and injects each repo'sdescriptionverbatim into the MDX file.Because MDX renders HTML/JSX, an attacker-controlled repo description containing a
<script>tag executes in visitors' browsers — a stored XSS.A repo (
haqnawaz03329-debug/haqnawaz) exploited this with the description:…which produced a "Website Hacked by Haq Nawaz!" popup on the published page.
This vulnerability has existed since the feature shipped in #1900 (
3010ea33). The malicious payload itself was never committed to this repo — it's pulled in dynamically at build time from the external repo.Fix
sanitize()helper that escapes HTML/MDX-significant characters (& < > { }) in all injected GitHub fields (covers both HTML<script>and MDX/JSX{...}expression injection).encodeURI.excludePlugins.Anyone can self-tag a repo with the topic, so sanitization — not just blocking one repo — is the durable fix.
Follow-ups (not in this PR)
haqnawaz03329-debug/haqnawazto GitHub for TOS abuse.🤖 Generated with Claude Code