
Safely escape <script> injected code in companion `send-token.js` (#3101)

Fixes #2974
Mikael Finstad 3 tahun lalu
induk
melakukan
3059d733f6

+ 18 - 0
package-lock.json

@@ -75765,6 +75765,7 @@
         "request": "2.88.2",
         "semver": "6.3.0",
         "serialize-error": "^2.1.0",
+        "serialize-javascript": "^6.0.0",
         "tus-js-client": "2.1.1",
         "uuid": "8.1.0",
         "validator": "^12.1.0",
@@ -75998,6 +75999,14 @@
         "node": ">=0.10.0"
       }
     },
+    "packages/@uppy/companion/node_modules/serialize-javascript": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz",
+      "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==",
+      "dependencies": {
+        "randombytes": "^2.1.0"
+      }
+    },
     "packages/@uppy/companion/node_modules/supports-color": {
       "version": "5.5.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
@@ -89840,6 +89849,7 @@
         "request": "2.88.2",
         "semver": "6.3.0",
         "serialize-error": "^2.1.0",
+        "serialize-javascript": "^6.0.0",
         "supertest": "3.4.2",
         "tus-js-client": "2.1.1",
         "typescript": "~4.3",
@@ -90006,6 +90016,14 @@
           "resolved": "https://registry.npmjs.org/serialize-error/-/serialize-error-2.1.0.tgz",
           "integrity": "sha1-ULZ51WNc34Rme9yOWa9OW4HV9go="
         },
+        "serialize-javascript": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz",
+          "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==",
+          "requires": {
+            "randombytes": "^2.1.0"
+          }
+        },
         "supports-color": {
           "version": "5.5.0",
           "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",

+ 1 - 0
packages/@uppy/companion/package.json

@@ -64,6 +64,7 @@
     "request": "2.88.2",
     "semver": "6.3.0",
     "serialize-error": "^2.1.0",
+    "serialize-javascript": "^6.0.0",
     "tus-js-client": "2.1.1",
     "uuid": "8.1.0",
     "validator": "^12.1.0",

+ 4 - 2
packages/@uppy/companion/src/server/controllers/send-token.js

@@ -1,6 +1,8 @@
 const { URL } = require('url')
+const serialize = require('serialize-javascript')
+
 const tokenService = require('../helpers/jwt')
-const { hasMatch, sanitizeHtml } = require('../helpers/utils')
+const { hasMatch } = require('../helpers/utils')
 const oAuthState = require('../helpers/oauth-state')
 
 /**
@@ -15,7 +17,7 @@ const htmlContent = (token, origin) => {
     <head>
         <meta charset="utf-8" />
         <script>
-          window.opener.postMessage(${sanitizeHtml(JSON.stringify({ token }))}, ${sanitizeHtml(JSON.stringify(origin))})
+          window.opener.postMessage(${serialize({ token })}, ${serialize(origin)})
           window.close()
         </script>
     </head>
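Review bot: Line 91 now depends on serialize-javascript turning `<`, `>`, `/` and U+2028/U+2029 into `\uXXXX` escapes so a token or origin containing `</script>` can no longer terminate the inline script, but nothing in the file records why `JSON.stringify` was not enough, which invites someone to swap it back later. I would put `// serialize() escapes <, >, / and U+2028/2029 as \uXXXX, so neither value can close the <script> element (JSON.stringify does not)` above that line. Since both arguments are plain JSON values, `serialize({ token }, { isJSON: true })` and `serialize(origin, { isJSON: true })` would skip the function/regex/Date handling paths while keeping the same escaping, if the installed version supports that option. The `htmlContent` body begins and ends outside the hunk, and the `window.opener` dereference on line 91 is still unguarded, which the commit does not change.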

+ 0 - 9
packages/@uppy/companion/src/server/helpers/utils.js

@@ -31,15 +31,6 @@ exports.jsonStringify = (data) => {
   })
 }
 
-/**
- * Does a simple html sanitization on the passed value
- *
- * @param {string} text
- */
-exports.sanitizeHtml = (text) => {
-  return text ? text.replace(/<\/?[^>]+(>|$)/g, '') : text
-}
-
 // all paths are assumed to be '/' prepended
 /**
  * Returns a url builder

+ 1 - 1
packages/@uppy/companion/test/__tests__/callback.js

@@ -37,7 +37,7 @@ describe('test authentication callback', () => {
     <head>
         <meta charset="utf-8" />
         <script>
-          window.opener.postMessage({"token":"${token}"}, "http://localhost:3020")
+          window.opener.postMessage({"token":"${token}"}, "http:\\u002F\\u002Flocalhost:3020")
           window.close()
         </script>
     </head>
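Review bot: The updated expectation on line 124 only checks that `/` in the origin is escaped; there is no case with a token containing `<`, `>` or `</script>`, which is the breakout the commit title says it fixes, so the escaping could regress without this test failing. I would add a second case that, assuming the fixture lets you choose the token value, sends a token such as `</script><script>alert(1)</script>` and asserts the response body contains `\u003C\u002Fscript\u003E` and not a literal `</script>`. The `token` fixture and the enclosing `describe` block are defined outside the hunk; if that fixture ever contains `/`, `<` or `>`, the interpolated `${token}` on line 124 would need the same escaping as the origin string.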