From b89a35196a7a0aa5ad25f942b8d7bd4ca392eece Mon Sep 17 00:00:00 2001 From: Max Wu Date: Fri, 28 Dec 2018 16:39:13 +0800 Subject: Fix to sanitize disqus shortnames to remove slashes [Security Issue] Signed-off-by: Max Wu --- public/views/shared/disqus.ejs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/views/shared/disqus.ejs b/public/views/shared/disqus.ejs index 840d1e38..2311d3fe 100644 --- a/public/views/shared/disqus.ejs +++ b/public/views/shared/disqus.ejs @@ -5,7 +5,7 @@ var disqus_config = function () { }; (function() { var d = document, s = d.createElement('script'); - s.src = 'https://<%= disqus %>.disqus.com/embed.js'; + s.src = 'https://<%= disqus.replace(/[^A-Za-z0-9]+/g, '') %>.disqus.com/embed.js'; s.setAttribute('data-timestamp', +new Date()); (d.head || d.body).appendChild(s); })(); -- cgit v1.2.3 From 067cfe2d1eedc5a58e5548785858e38fbaa0e84b Mon Sep 17 00:00:00 2001 From: Max Wu Date: Fri, 28 Dec 2018 16:42:55 +0800 Subject: Fix to escape html comment tag [Security Issue] Signed-off-by: Max Wu --- public/js/render.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/js/render.js b/public/js/render.js index ff5e2bf2..87e5cfdf 100644 --- a/public/js/render.js +++ b/public/js/render.js @@ -45,7 +45,7 @@ var filterXSSOptions = { // allow comment tag if (tag === '!--') { // do not filter its attributes - return html + return html.replace(/<(?!!--)/g, '<').replace(/-->/g, '__HTML_COMMENT_END__').replace(/>/g, '>').replace(/__HTML_COMMENT_END__/g, '-->') } }, onTagAttr: function (tag, name, value, isWhiteAttr) { -- cgit v1.2.3