Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[browser dialogs] XSS venerability in file dialog #6976

Closed
caseyflynn-google opened this issue Jan 28, 2020 · 1 comment
Closed

[browser dialogs] XSS venerability in file dialog #6976

caseyflynn-google opened this issue Jan 28, 2020 · 1 comment
Assignees
@caseyflynn-google
Labels
file dialog issues related to the file dialog security issues related to security

Comments

@caseyflynn-google
Copy link
Contributor

Description

There is an XSS venerability in the Create File / Folder dialog.

Reproduction Steps

  1. Click File -> New File to open the New File dialog
  2. In the text box enter <style onload=alert(0)>

The alert is triggered on the page.

theia_file_dialog_xss

OS and Theia version:
Linux
Theia 0.14.0
@caseyflynn-google caseyflynn-google added file dialog issues related to the file dialog security issues related to security labels Jan 28, 2020
@caseyflynn-google caseyflynn-google self-assigned this Jan 28, 2020
@akosyakov
Copy link
Member

Resolved by #6977

@luigigubello luigigubello mentioned this issue Nov 30, 2020
Closed
@luigigubello luigigubello mentioned this issue Dec 16, 2020
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@caseyflynn-google caseyflynn-google

Labels
file dialog issues related to the file dialog security issues related to security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@akosyakov @caseyflynn-google