tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10585 from creative-commoners/pulls/4.11/cve-2022-37430

Browse Source 
Sanitise mixed case javascript
This commit is contained in:
Guy Sartorelli 2022-11-21 13:03:30 +13:00 committed by GitHub
commit 17f1c7ceed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Forms/HTMLEditor/HTMLEditorSanitiser.php
View File

@ -347,7 +347,7 @@ class HTMLEditorSanitiser
} }
// Matches "javascript:" with any arbitrary linebreaks inbetween the characters. // Matches "javascript:" with any arbitrary linebreaks inbetween the characters.
$regex = '/^\s*' . implode('\v*', str_split('javascript:')) . '/'; $regex = '/^\s*' . implode('\v*', str_split('javascript:')) . '/i';
// Strip out javascript execution in href or src attributes. // Strip out javascript execution in href or src attributes.
foreach (['src', 'href'] as $dangerAttribute) { foreach (['src', 'href'] as $dangerAttribute) {
if ($el->hasAttribute($dangerAttribute)) { if ($el->hasAttribute($dangerAttribute)) {

6
tests/php/Forms/HTMLEditor/HTMLEditorSanitiserTest.php
View File

@ -98,6 +98,12 @@ class HTMLEditorSanitiserTest extends FunctionalTest
'<iframe></iframe>', '<iframe></iframe>',
'Javascript in the src attribute of an iframe is completely removed' 'Javascript in the src attribute of an iframe is completely removed'
], ],
[
'iframe[src]',
'<iframe src="jAvAsCrIpT:alert(0);"></iframe>',
'<iframe></iframe>',
'Mixed case javascript in the src attribute of an iframe is completely removed'
],
]; ];
$config = HTMLEditorConfig::get('htmleditorsanitisertest'); $config = HTMLEditorConfig::get('htmleditorsanitisertest');