[CVE-2022-37430] Sanitise mixed case javascript
This commit is contained in:
parent
a7c8ce8d0c
commit
2b5420ee7d
@ -347,7 +347,7 @@ class HTMLEditorSanitiser
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Matches "javascript:" with any arbitrary linebreaks inbetween the characters.
|
// Matches "javascript:" with any arbitrary linebreaks inbetween the characters.
|
||||||
$regex = '/^\s*' . implode('\v*', str_split('javascript:')) . '/';
|
$regex = '/^\s*' . implode('\v*', str_split('javascript:')) . '/i';
|
||||||
// Strip out javascript execution in href or src attributes.
|
// Strip out javascript execution in href or src attributes.
|
||||||
foreach (['src', 'href'] as $dangerAttribute) {
|
foreach (['src', 'href'] as $dangerAttribute) {
|
||||||
if ($el->hasAttribute($dangerAttribute)) {
|
if ($el->hasAttribute($dangerAttribute)) {
|
||||||
|
@ -98,6 +98,12 @@ class HTMLEditorSanitiserTest extends FunctionalTest
|
|||||||
'<iframe></iframe>',
|
'<iframe></iframe>',
|
||||||
'Javascript in the src attribute of an iframe is completely removed'
|
'Javascript in the src attribute of an iframe is completely removed'
|
||||||
],
|
],
|
||||||
|
[
|
||||||
|
'iframe[src]',
|
||||||
|
'<iframe src="jAvAsCrIpT:alert(0);"></iframe>',
|
||||||
|
'<iframe></iframe>',
|
||||||
|
'Mixed case javascript in the src attribute of an iframe is completely removed'
|
||||||
|
],
|
||||||
];
|
];
|
||||||
|
|
||||||
$config = HTMLEditorConfig::get('htmleditorsanitisertest');
|
$config = HTMLEditorConfig::get('htmleditorsanitisertest');
|
||||||
|
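Review bot: The added data row pins the mixed-case behaviour only for `iframe[src]`, while the sanitiser change in this commit applies the same regex to both `src` and `href` attributes; a parallel row for an anchor `href` with a mixed-case scheme would cover the second branch and guard against the two attributes drifting apart later. The data set starts outside this hunk, so an existing `href` case may already be present; if so, a mixed-case variant of it is what is missing.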