Improper data handling leads to crashes and local code execution #25

Closed
ecneladis opened this Issue Feb 24, 2014 · 3 comments

@ecneladis

ecneladis commented Feb 24, 2014

Multiple outputs are not properly sanitised.

Examples

Filenames in perspectiveList

Filenames are not properly sanitised. Proof of concept:

touch "<img src=x onerror=alert(1)>qwerty"

viewerBrowser, viewerMD, viewerText and editorHTML

It is possible to render any HTML code, and because of the node-webkit architecture we have the ability to access the file system or execute arbitrary commands using Node.js modules.

<script>
   var exec = require('child_process').exec;
   exec('uname -a', function (error, stdout, stderr) { alert(stdout); });
</script>

Location name in remove dialog

Same situation as in viewers

Tag names

Special characters lead to unspecified behaviour and crashes.

Solutions
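One way to close the perspectiveList and viewer cases described above, as an added example that is not TagSpaces code: escape every untrusted filename before it is concatenated into HTML (or, in a live DOM, assign it through textContent instead of innerHTML). The sample names are constructed; the second one is the report's own proof-of-concept filename.

```javascript
// Added example (not TagSpaces code): escaping untrusted filenames before they
// are concatenated into HTML. The sample names below are constructed.
const SAMPLE_NAMES = [
  'notes.md',
  '<img src=x onerror=alert(1)>qwerty', // filename from the report above
  'a"b\'c&d.txt',
];

// Map every character with HTML significance to its entity, so the result is
// safe both as element text and inside a double- or single-quoted attribute.
const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITY[ch]);
}

// Vulnerable pattern: the filename is interpolated verbatim, so any markup in
// the name becomes live DOM once this string is assigned to innerHTML.
function renderListUnsafe(names) {
  return '<ul>' + names.map((n) => '<li>' + n + '</li>').join('') + '</ul>';
}

// Hardened pattern: same template, but every untrusted value goes through
// escapeHtml, so the name can only ever be displayed as text.
function renderListSafe(names) {
  return '<ul>' + names.map((n) => '<li>' + escapeHtml(n) + '</li>').join('') + '</ul>';
}

// Regression check: the only tags in the rendered output must be the ones the
// template itself emits. Any other tag means an untrusted value leaked in raw.
function onlyTemplateTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.every((t) => /^<\/?(ul|li)>$/.test(t));
}

console.log('unsafe passes check:', onlyTemplateTags(renderListUnsafe(SAMPLE_NAMES)));
console.log('safe passes check:  ', onlyTemplateTags(renderListSafe(SAMPLE_NAMES)));
console.log(renderListSafe(SAMPLE_NAMES));
```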

Member

uggrock commented Feb 24, 2014

Thank you for your great input! I will try to fix these issues for the next release.

@ecneladis

ecneladis commented Feb 27, 2014

Regarding 85c2ceb and 216cfc4, use some existing library to prevent JavaScript injection. Preventing XSS is not a trivial task; it's very difficult to blacklist all the possibilities.

uggrock commented Feb 28, 2014

I am aware of the fact that fixing XSS is not a trivial task. In my commits I was searching for a quick fix of the issues you mentioned. In future releases of TagSpaces I will definitely consider integrating some library for XSS prevention.

@uggrock uggrock closed this Oct 2, 2015
