[vulnerability] HTML/SVG responses with irregular extensions are not hooked #314

t2ym · 2019-08-28T04:13:41Z

[vulnerability] HTML/SVG responses with irregular extensions are not hooked

Root Causes

Only extensions are checked for HTML/SVG detection
Content-Type headers are ignored

Fix

diff --git a/lib/service-worker.js b/lib/service-worker.js
index 21074c79..899609bb 100644
--- a/lib/service-worker.js
+++ b/lib/service-worker.js
@@ -288,8 +288,8 @@ module.exports = function (hook, preprocess) {
                     }
                   });
                 }
-                else if (url.pathname.match(/(\/|[.]html?|[.]svg)$/)) {
-                  let isSVG = url.pathname.match(/([.]svg)$/);
+                else if (url.pathname.match(/(\/|[.]html?|[.]svg)$/) || response.headers.get('content-type').match(/^text\/html|image\/svg\+xml/)) {
+                  let isSVG = url.pathname.match(/([.]svg)$/) || response.headers.get('content-type').match(/^image\/svg\+xml/);
                   let original;
                   let decoded;
                   let contextGeneratorScripts = [];

… as well as extensions

t2ym added the vulnerability label Aug 28, 2019

t2ym added a commit that referenced this issue Aug 28, 2019

0.3.4 with [vulnerability] Fix #314 Detect HTML/SVG with content-type…

3804de9

… as well as extensions

t2ym closed this as completed in 35f6f26 Aug 28, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[vulnerability] HTML/SVG responses with irregular extensions are not hooked #314

[vulnerability] HTML/SVG responses with irregular extensions are not hooked #314

t2ym commented Aug 28, 2019

[vulnerability] HTML/SVG responses with irregular extensions are not hooked #314

[vulnerability] HTML/SVG responses with irregular extensions are not hooked #314

Comments

t2ym commented Aug 28, 2019

Root Causes

Fix