XSS vulnerability in readmoreLink setting

Created on 5 July 2023, over 1 year ago
Updated 29 August 2023, about 1 year ago

Problem/Motivation

The readmoreLink setting is vulnerable to a XSS vulnerability.

Steps to reproduce

Use this config:

moreInfoLink: true
readmoreLink: '"><img src="x" onerror="alert(''foo'')">'

tarteaucitron.js does not sanitize the value before using it in the href attribute.

Proposed resolution

Html::escape() could be used to sanitize the string.

🐛 Bug report
Status

Fixed

Version

1.0

Component

Code

Created by

🇫🇷France prudloff Lille

Live updates comments and jobs are added and updated live.
  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024