jgaunt/CyberChef
2
0
Fork 0
mirror of https://github.com/gchq/CyberChef synced 2025-12-14 23:33:25 +00:00
Code Issues Releases Wiki Activity

fix(RecipeWaiter): sanitize user input in addOperation to prevent XSS

Browse Source
This commit is contained in:
heaprc
2025-04-05 00:18:54 +02:00
parent 848660f8e1
commit 857576dbe4
3 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/web/waiters/RecipeWaiter.mjs
View File

@@ -8,6 +8,7 @@ import HTMLOperation from "../HTMLOperation.mjs";
import Sortable from "sortablejs";
import Utils from "../../core/Utils.mjs";
import {escapeControlChars} from "../utils/editorUtils.mjs";
import DOMPurify from 'dompurify';
/**
@@ -435,7 +436,9 @@ class RecipeWaiter {
const item = document.createElement("li");
item.classList.add("operation");
item.innerHTML = name;
const clean = DOMPurify.sanitize(name);
item.innerHTML = clean;
this.buildRecipeOperation(item);
document.getElementById("rec-list").appendChild(item);