fix(RecipeWaiter): sanitize user input in addOperation to prevent XSS

heaprc 2025-04-05 00:18:54 +02:00
parent 848660f8e1
commit 857576dbe4
3 changed files with 22 additions and 8 deletions


@ -8,6 +8,7 @@ import HTMLOperation from "../HTMLOperation.mjs";
import Sortable from "sortablejs";
import Utils from "../../core/Utils.mjs";
import {escapeControlChars} from "../utils/editorUtils.mjs";
import DOMPurify from 'dompurify';
/**
@ -435,7 +436,9 @@ class RecipeWaiter {
const item = document.createElement("li");
item.classList.add("operation");
item.innerHTML = name;
const clean = DOMPurify.sanitize(name);
item.innerHTML = clean;
this.buildRecipeOperation(item);
document.getElementById("rec-list").appendChild(item);
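Review bot: `DOMPurify.sanitize(name)` with its default configuration still passes a broad allowlist of HTML (links, images, forms, inline styles), so in the second hunk `item.innerHTML = clean` stops script execution but not markup injection into the recipe list. If `name` is meant to be a plain operation name, which the visible lines suggest but do not prove, `item.textContent = name;` is the stricter sink and needs no sanitizer; if markup is intended, restrict it with an explicit `ALLOWED_TAGS`/`ALLOWED_ATTR` config and say why in a comment. `this.buildRecipeOperation(item)` runs immediately afterwards and its body is outside the hunk, so confirm it does not read the value back from `item` and write it to another HTML sink unsanitized. The enclosing method starts and ends outside the hunk. In the first hunk the new import uses single quotes where the neighbouring imports use double quotes.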