
feat(security): sanitize HTML and JSON to prevent XSS
Ensure `compiled_html` and JSON data are sanitized using `wp_kses_post` to block potentially unsafe inputs. Added filtering for "javascript:" schemes and inline event handlers to mitigate XSS vulnerabilities.
alecszaharia committed Dec 12, 2024
1 parent 50c8580 commit 684ec5d
Showing 2 changed files with 7 additions and 0 deletions.
5 changes: 5 additions & 0 deletions editor/post.php
Expand Up @@ -411,6 +411,11 @@ public function get_compiled_html()
public function set_compiled_html($compiled_html)
{
$compiled_html = Brizy_SiteUrlReplacer::hideSiteUrl($compiled_html);

if ( !current_user_can( 'unfiltered_html' ) ) {
$compiled_html = wp_kses_post($compiled_html);
}

$this->compiled_html = $compiled_html;
return $this;
}
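Review bot: The new `if ( !current_user_can( 'unfiltered_html' ) )` guard ties the sanitization decision to whoever is the current user at the moment `set_compiled_html()` runs, not to who authored the HTML; in a request with no logged-in user (cron, WP-CLI, an unauthenticated REST call) the capability check is false and the markup is always passed through `wp_kses_post`, which also strips `<script>` and `<style>` blocks that compiled page-builder output may legitimately contain — presumably intended for untrusted callers, but the method should state it. The setter still has no type declaration, and handing a null `$compiled_html` to `wp_kses_post` is likely to raise a deprecation on PHP 8.1+. Suggest a docblock such as `/** Stores compiled HTML; unless the current user has unfiltered_html, the markup is reduced to the wp_kses_post allow-list at set time. @param string $compiled_html */` and, where the content author's id is available in the calling context, gating on that user instead (`user_can( $post_author_id, 'unfiltered_html' )`) so the result does not depend on which request stores it. The enclosing class starts above the hunk.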
2 changes: 2 additions & 0 deletions editor/trait/sanitize.php
Expand Up @@ -15,10 +15,12 @@ public function sanitizeJson( $data ) {

return $styles;
} );

$dataDecoded = wp_kses_post_deep( $dataDecoded );
//$dataDecoded = $this->escapeJsonValues( $dataDecoded );
$data = json_encode( $dataDecoded );
$data = preg_replace( '/javascript:.*?"/', '"', $data );
$data = preg_replace( '/javascript%3A.*?%22/', '%22', $data );
$data = preg_replace( '/(on(click|mouseover|keydown|keyup|change|submit|load|error|focus|blur|select|dblclick))\s*[:=]\s*(\\\"|\\\')(.*?)(\3)/i', '', $data );

return $data;
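Review bot: The three `preg_replace` calls on the `$data` lines run over the already JSON-encoded text and neither their result nor the preceding `json_encode` is checked: `json_encode` returns `false` on invalid UTF-8 or depth overflow and `preg_replace` returns `null` on a PCRE error, so the method can hand back `''` or `null` instead of sanitized JSON. The first two patterns also lack the `i` modifier the third one has, and their `.*?"` stops at the first `"` it meets — including the one in an escaped `\"` inside a string value — so the rewrite can leave the document as invalid JSON. The third pattern covers only a fixed list of twelve handler names; since `wp_kses_post_deep` has already run on the decoded values, applying the scheme/handler filtering per string value before `json_encode` (where the commented-out `escapeJsonValues` call sits) would avoid fighting JSON escaping altogether — hedged, since that helper is not visible here. At minimum, fail closed on encode and regex errors as below; this introduces an exception where callers may expect a string, so the call sites need checking. `sanitizeJson` starts above the hunk and its closing brace is below it.
```php
$data = json_encode( $dataDecoded );
if ( false === $data ) {
    throw new \RuntimeException( 'sanitizeJson: json_encode failed: ' . json_last_error_msg() );
}
$data = preg_replace(
    [
        '/javascript:.*?"/i',
        '/javascript%3A.*?%22/i',
        '/(on(click|mouseover|keydown|keyup|change|submit|load|error|focus|blur|select|dblclick))\s*[:=]\s*(\\\"|\\\')(.*?)(\3)/i',
    ],
    [ '"', '%22', '' ],
    $data
);
if ( null === $data || preg_last_error() !== PREG_NO_ERROR ) {
    throw new \RuntimeException( 'sanitizeJson: regex filtering failed (PCRE error ' . preg_last_error() . ')' );
}

return $data;
```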
