deno_doc's HTML generator vulnerable to Cross-site Scripting
Description
Published by the National Vulnerability Database
Nov 25, 2024
Published to the GitHub Advisory Database
Nov 25, 2024
Reviewed
Nov 25, 2024
Last updated
Nov 25, 2024
Summary
Several cross-site scripting vulnerabilities existed in the
deno_doc
crate which lead to Self-XSS withdeno doc --html
.Details & PoC
1.) XSS in generated
search_index.js
deno_doc
outputed a JavaScript file for searching. However, the generated file usedinnerHTML
on unsanitzed HTML input.https://github.com/denoland/deno_doc/blob/dc556c848831d7ae48f3eff2ababc6e75eb6b73e/src/html/templates/pages/search.js#L120-L144
2.) XSS via property, method and enum names
deno_doc
did not sanitize property names, method names and enum names.Impact
The first XSS most likely didn't have an impact since
deno doc --html
is expected to be used locally with own packages.References