This repository has been archived by the owner on Sep 5, 2024. It is now read-only.
mdAutocomplete: XSS vulnerability #2901
@robertmesserle, @gkalpak - With the commit 33ac259, should this be closed now?
@ThomasBurleson Leave this open, I pushed this fix without any unit tests, so I'd like to leave it open to make sure I don't forget to add that.
(BTW, I am not even sure the fix actually fixes the issue. @robertmesserle, did you test it "manually"?)
@gkalpak Added unit test, confirmed new fix. I had tested it earlier, but I was rushed and it turns out my test wasn't very good. =p This is why I left this open so I could have a non-rushed look at it.
And 👍 @chr22 for reporting this 😃
👍
@chr22 - can you contact via email: ThomasBurleson@Gmail.com. Thx |
You generate HTML from a string to highlight the matching part of the search string in the result.
https://github.com/angular/material/blob/master/src/components/autocomplete/js/highlightController.js#L11
If the search result is this as a string:
and you search for "x" then the resulting output is this, with a real script-tag that gets executed:
I can't create a CodePen because it won't let me insert a script tag in a JavaScript string.
I can see that you have some sort of sanitizing with a RegEx that I can't decipher.
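A safe version of the highlighting step the report describes, added here as an example and not code from angular/material: every piece of the item text is HTML-escaped on its way into the output, so the only markup in the result is the highlight span the function adds itself, and the query is regex-escaped so a search term containing metacharacters is matched literally. `naiveHighlight` is a constructed sketch of the "generate HTML from a string" pattern, not the project's actual `highlightController` code.

```javascript
// Added example, not angular/material's own code.
// naiveHighlight: a constructed sketch of the pattern the issue describes,
// building HTML directly from the untrusted item text. Any markup in the
// item survives into the output and is rendered as real HTML.
function naiveHighlight(text, query) {
  return String(text).replace(new RegExp(query, 'gi'),
    (m) => '<span class="highlight">' + m + '</span>');
}

// Escape the five characters that matter when text is inserted into HTML.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Escape regex metacharacters so the query is matched literally.
function escapeRegExp(s) {
  return String(s).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// safeHighlight: match on the raw text, but emit every slice of it (and the
// matched text itself) through escapeHtml. The only tags in the result are
// the spans added right here.
function safeHighlight(text, query) {
  const raw = String(text);
  if (!query) return escapeHtml(raw);
  const pattern = new RegExp(escapeRegExp(query), 'gi');
  let out = '';
  let last = 0;
  let m;
  while ((m = pattern.exec(raw)) !== null) {
    out += escapeHtml(raw.slice(last, m.index));
    out += '<span class="highlight">' + escapeHtml(m[0]) + '</span>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(raw.slice(last));
}

// Constructed sample item: a search result whose text carries a script tag.
const SAMPLE_ITEM = 'x <script>alert(1)</script>';
```

With the sample item and the query "x", `naiveHighlight` returns a string containing a live `<script>` tag, while `safeHighlight` returns `<span class="highlight">x</span> &lt;script&gt;alert(1)&lt;/script&gt;`.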