Fixed reflected XSS described in issue 1265

2025-04-21 23:36:16 -04:00 · 2021-10-29 17:59:02 +01:00 · 2021-10-29 17:59:02 +01:00 · d2174725a9
commit d2174725a9
parent ae1b12c120
3 changed files with 7 additions and 3 deletions
--- a/src/core/operations/ScatterChart.mjs
+++ b/src/core/operations/ScatterChart.mjs
@ -87,7 +87,7 @@ class ScatterChart extends Operation {
        const recordDelimiter = Utils.charRep(args[0]),
            fieldDelimiter = Utils.charRep(args[1]),
            columnHeadingsAreIncluded = args[2],
-            fillColour = args[5],
+            fillColour = Utils.escapeHtml(args[5]),
            radius = args[6],
            colourInInput = args[7],
            dimension = 500;
--- a/src/core/operations/SeriesChart.mjs
+++ b/src/core/operations/SeriesChart.mjs
@ -72,7 +72,10 @@ class SeriesChart extends Operation {
            fieldDelimiter = Utils.charRep(args[1]),
            xLabel = args[2],
            pipRadius = args[3],
-            seriesColours = args[4].split(","),
+            // Escape HTML from all colours to prevent reflected XSS. See https://github.com/gchq/CyberChef/issues/1265
+            seriesColours = args[4].split(",").map((colour) => {
+                return Utils.escapeHtml(colour)
+            }),
            svgWidth = 500,
            interSeriesPadding = 20,
            xAxisHeight = 50,