This is a demo application that demonstrates proper sanitization of raw HTML entered via a rich text editor.

IBM/sxss-vulnerability-demo-app

SXSS Demo Application

This is a demo application that demonstrates proper sanitization of raw HTML entered via a rich text editor.

Running the application

  1. Install Node v20
  2. Run npm ci
  3. Run node app.js
  4. Visit http://localhost:3000/sanitized.html to test the sanitized input
  5. Visit http://localhost:3000/unsanitized.html to test the unsanitized input

Exploiting the vulnerability

  1. Run the following curl command:

    curl --request POST \
    --url http://localhost:3000/unsanitzed \
    --header 'Content-Type: application/json' \
    --data '{
    "richText": "<img src='\''x'\'' onerror='\''alert(1)'\''>"
    }'

  2. After running the command, copy the id that was returned and paste it into the post query parameter of the unsanitized.html URL:

    http://localhost:3000/unsanitized.html?post=your-id-goes-here

    You should see an alert popup appear. This verifies that you have exploited the SXSS vulnerability.

  3. Repeat step 2, this time using the sanitized URL:

    http://localhost:3000/sanitized.html?post=your-id-goes-here

    You should no longer see the alert popup. This verifies that the injected JavaScript has been sanitized.
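
Why the sanitized page stays quiet, as an added example that is not the demo app's own code: an allowlist sanitizer rebuilds permitted tags from scratch and escapes everything else, so the `onerror` handler never reaches the DOM. The tag list, URL rule and function names are assumptions made for illustration; the page does not show which sanitizer the app uses, and production code should rely on a maintained library rather than a hand-written one.

```javascript
// Added example: allowlist sanitizer sketch. All names here are hypothetical,
// not taken from the demo app. Every byte of output is either escaped text
// or a tag rebuilt from scratch, so unrecognized markup can never pass through.
const ALLOWED = new Map([
  ['p', []], ['b', []], ['i', []], ['em', []], ['strong', []], ['br', []],
  ['ul', []], ['ol', []], ['li', []], ['a', ['href']], ['img', ['src', 'alt']],
]);
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_URL = /^https?:\/\//i; // scheme allowlist: rejects javascript:, data:, ...
const ENT = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape markup characters; leave well-formed entities alone to avoid double-encoding.
function escapeHtml(s) {
  return s.replace(/&(?!(?:[a-z][a-z0-9]*|#\d+|#x[0-9a-f]+);)|[<>"']/gi, (c) => ENT[c]);
}

// Rebuild an allowed tag with only its allowed attributes; null means "not allowed".
function rebuildTag(closing, rawName, rawAttrs) {
  const name = rawName.toLowerCase();
  const allowedAttrs = ALLOWED.get(name);
  if (!allowedAttrs) return null;
  if (closing) return `</${name}>`;
  let out = `<${name}`;
  const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  for (const m of rawAttrs.matchAll(attrRe)) {
    const attr = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4];
    if (!allowedAttrs.includes(attr)) continue; // drops onerror, onclick, style, ...
    if (URL_ATTRS.has(attr) && !SAFE_URL.test(value)) continue;
    out += ` ${attr}="${escapeHtml(value)}"`;
  }
  return `${out}>`;
}

function sanitizeRichText(html) {
  const tagRe = /<(\/?)([a-z][a-z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
  let out = '';
  let last = 0;
  for (const m of html.matchAll(tagRe)) {
    out += escapeHtml(html.slice(last, m.index));
    // Disallowed tags are shown as inert text instead of being passed through.
    out += rebuildTag(m[1] === '/', m[2], m[3]) ?? escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(html.slice(last));
}

// The payload from step 1 above: the handler and the non-http(s) src are both dropped.
const PAYLOAD = "<img src='x' onerror='alert(1)'>";
console.log(sanitizeRichText(PAYLOAD));
```

Sanitizing on the server before storage, as the demo's two endpoints suggest, protects every page that later renders the post; sanitizing only in one view leaves the stored payload live for any other consumer.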
