Fix security breach.

2025-11-04 04:04:20 +00:00 · 2018-12-08 19:03:53 +01:00
parent 089739e141
commit c2eba7b3be
2 changed files with 24 additions and 1 deletions
--- a/assets/js/common/utils.js
+++ b/assets/js/common/utils.js
@@ -593,3 +593,26 @@ function dataURItoBlob(dataURI){
 	return new Blob([ia], {type: mimeString});

 }
+
+/**
+ * Satinize some HTML source code by removing all javascript event detectors
+ * from it 
+ * 
+ * @param {string} html The source code to update
+ * @return {string} Secured html
+ */
+function removeJavascriptEventsFromHTML(html){
+	
+	//Check if the string to check is null (we will consider
+	//at safe in this case)
+	if(html == null)
+		return html;
+
+	//Search for unexceptable references
+	while(html.match(/on[a-zA-Z ]+=/i) != null){
+		let match = html.match(/on[a-zA-Z ]+=/i)[0];
+		html = html.replace(match, match.replace("on", "o<block></block>n"))
+	}
+
+	return html;
+}
--- a/assets/js/components/posts/ui.js
+++ b/assets/js/components/posts/ui.js
@@ -826,7 +826,7 @@ ComunicWeb.components.posts.ui = {
 			appendTo: postRoot,
 			type: "div",
 			class: "post_content",
-			innerHTML: info.content
+			innerHTML: removeJavascriptEventsFromHTML(info.content)
 		});

 		//Parse emojies