XSS safe mode to prevent unsanitised input
This commit is contained in:
parent
af2071c60c
commit
ce61af1331
|
@ -354,7 +354,7 @@ describe("validate", () => {
|
|||
"1' OR '1' = '1",
|
||||
"' OR 'a' = 'a",
|
||||
"<script>alert('XSS');</script>",
|
||||
"\"><img src=x onerror=alert(1)>",
|
||||
'"><img src=x onerror=alert(1)>',
|
||||
"</script><script>alert('test')</script>",
|
||||
"<div onmouseover=\"alert('XSS')\">Hover over me!</div>",
|
||||
"'; EXEC sp_msforeachtable 'DROP TABLE ?'; --",
|
||||
|
@ -362,14 +362,16 @@ describe("validate", () => {
|
|||
"UNION SELECT * FROM users",
|
||||
"INSERT INTO users (username, password) VALUES ('admin', 'password')",
|
||||
"/* This is a comment */ SELECT * FROM users",
|
||||
"<iframe src=\"http://malicious-site.com\"></iframe>"
|
||||
])('test potentially unsafe input: %s', async input => {
|
||||
'<iframe src="http://malicious-site.com"></iframe>',
|
||||
])("test potentially unsafe input: %s", async input => {
|
||||
environment.XSS_SAFE_MODE = true
|
||||
const table = getTable()
|
||||
const row = { text: input }
|
||||
const output = await validate({ source: table, row })
|
||||
expect(output.valid).toBe(false)
|
||||
expect(output.errors).toBe(["Input not sanitised - potentially vulnerable to XSS"])
|
||||
expect(output.errors).toBe([
|
||||
"Input not sanitised - potentially vulnerable to XSS",
|
||||
])
|
||||
environment.XSS_SAFE_MODE = false
|
||||
})
|
||||
})
|
||||
|
|
|
@ -44,7 +44,8 @@ const SQL_CLIENT_SOURCE_MAP: Record<SourceName, SqlClient | undefined> = {
|
|||
[SourceName.BUDIBASE]: undefined,
|
||||
}
|
||||
|
||||
const XSS_INPUT_REGEX = /[<>;"'(){}]|--|\/\*|\*\/|union|select|insert|drop|delete|update|exec|script/i
|
||||
const XSS_INPUT_REGEX =
|
||||
/[<>;"'(){}]|--|\/\*|\*\/|union|select|insert|drop|delete|update|exec|script/i
|
||||
|
||||
export function getSQLClient(datasource: Datasource): SqlClient {
|
||||
if (!isSQL(datasource)) {
|
||||
|
@ -228,7 +229,9 @@ export async function validate({
|
|||
|
||||
if (env.XSS_SAFE_MODE && typeof row[fieldName] === "string") {
|
||||
if (XSS_INPUT_REGEX.test(row[fieldName])) {
|
||||
errors[fieldName] = ['Input not sanitised - potentially vulnerable to XSS']
|
||||
errors[fieldName] = [
|
||||
"Input not sanitised - potentially vulnerable to XSS",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue