
Commit

Merge commit from fork
Fix GHSA-8qqw-rjh4-5gp2
AngelFQC authored Oct 11, 2024
1 parent d3c6f5d commit df47eac
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions main/inc/lib/formvalidator/FormValidator.class.php
Expand Up @@ -1106,6 +1106,7 @@ public function addHtmlEditor(

$this->addElement('html_editor', $name, $label, $attributes, $config);
$this->applyFilter($name, 'trim');
$this->applyFilter($name, 'attr_on_filter');
if ($required) {
$this->addRule($name, get_lang('ThisFieldIsRequired'), 'required');
}
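Review bot: the new `$this->applyFilter($name, 'attr_on_filter');` line registers the filter for every html_editor field unconditionally, yet nothing in the change documents the effect on stored content or adds a test. Suggest a test that submits both a benign text containing the word "on" and a tag carrying an on* attribute, so it is visible whether the filter alters only the latter.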
Expand Down Expand Up @@ -2097,3 +2098,15 @@ function plain_url_filter($html, $mode = NO_HTML)

return kses_split($html, $allowed_html_fixed, ['http', 'https']);
}

/**
* Prevent execution of event handlers in HTML elements.
*
* @param string $html
* @return string
*/
function attr_on_filter($html) {
$prefix = uniqid('data-cke-').'-';

return preg_replace('/(\s)(on)/i', '$1'.$prefix.'$2', $html);
}
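Review bot: the pattern `/(\s)(on)/i` in attr_on_filter is not scoped to tag attributes, so any whitespace followed by "on" in ordinary text (for example "click on") is rewritten with the data-cke prefix and user content is corrupted; in addition, the uniqid() prefix makes the output differ on every call, which complicates tests and comparison of stored values. Suggest restricting the rewrite to attribute names inside an opening tag, e.g. by walking the tag's attributes with an HTML parser or limiting the match to `on\w+\s*=` within `<...>`, and keeping the replacement deterministic.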

2 comments on commit df47eac

@ywarnier
Member

@ywarnier ywarnier commented on df47eac Oct 24, 2024


This is not strict enough and will replace all "on" occurrences in any text typed through CKEditor by a string similar to "data-cke-671a164ccbf7b-on".
I opened #5887 about this.

@ywarnier
Member


Fixed by 368dfaf.
