mirrors/bootstrap
2
0
Fork 0
mirror of https://github.com/tenrok/bootstrap.git synced 2026-06-05 16:42:29 +03:00
Code Activity

Fix/xss issues on data attributes (#27047)

Browse Source 
* fix(collapse): xss CVE-2018-14040

Fixes #26625

* fix(tooltip): xss CVE-2018-14042

Fixes #26628

* fix(tooltip): XSS on data-viewport attribute

Fixes #27044

* fix(affix): XSS on target config

Fixes #27045
This commit is contained in:
don-spyker
2018-08-13 18:09:18 +02:00
committed by Johann-S
parent 13bf8aeae3
commit 2a5ba23ce8
6 changed files with 49 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
js/tests/unit/affix.js
+15
View File
@@ -104,4 +104,19 @@ $(function () {
}, 250)
}, 250)
})
QUnit.test('should raise exception to avoid xss on target', function (assert) {
assert.expect(1)
assert.throws(function () {
var templateHTML = '<div id="affixTarget"></div>'
$(templateHTML).appendTo(document.body)
$('#affixTarget').bootstrapAffix({
target: '<img src=1 onerror=\'alert(0)\'>'
})
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
})
})
js/tests/unit/collapse.js
+10
View File
@@ -440,4 +440,14 @@ $(function () {
.bootstrapCollapse('show')
})
QUnit.test('should raise exception to avoid xss on data-parent', function (assert) {
assert.expect(1)
assert.throws(function () {
$('<a role="button" data-toggle="collapse" data-parent="<img src=1 onerror=\'alert(0)\'>" href="#collapseThree">')
.appendTo('#qunit-fixture')
.bootstrapCollapse('show')
.trigger('click');
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
})
})
js/tests/unit/tooltip.js
+18
View File
@@ -1322,4 +1322,22 @@ $(function () {
})
})
QUnit.test('should raise exception to avoid xss on data-container', function (assert) {
assert.expect(1)
assert.throws(function () {
$('<button data-toggle="tooltip" data-container="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
.appendTo('#qunit-fixture')
.bootstrapTooltip('show')
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
})
QUnit.test('should raise exception to avoid xss on data-viewport', function (assert) {
assert.expect(1)
assert.throws(function () {
$('<button data-toggle="tooltip" data-viewport="<img src=1 onerror=\'alert(0)\'>" title="Tooltip on right">Tooltip on right</button>')
.appendTo('#qunit-fixture')
.bootstrapTooltip('show')
}, new Error('Syntax error, unrecognized expression: <img src=1 onerror=\'alert(0)\'>'))
})
})