Security Fix for Cross-site Scripting (XSS) - huntr.dev

[huntr-helper]

https://huntr.dev/users/d3v53c has fixed the Cross-site Scripting (XSS) vulnerability 🔨. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/d2b/1/README.md

User Comments:

📊 Metadata *

d2b is vulnerable to Cross-Site Scripting (XSS).

Bounty URL: https://www.huntr.dev/bounties/1-npm-d2b

⚙️ Description *

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

💻 Technical Description *

Cross-Site Scripting (XSS) attacks are mitigated by sanitizing the user inputs before rendering, thereby preventing malicious execution.

🐛 Proof of Concept (PoC) *

1. Open https://www.npmjs.com/package/d2b
2. Open docs http://docs.d2bjs.org/ (You can see the d2b API references here.)
3. Select any chart(Ex:pie chart http://docs.d2bjs.org/chartsAdvanced/pie.html)
4. Edit in Codesandbox https://codesandbox.io/s/github/d2bjs/demos/tree/master/charts/pie/default-donut?from-embed
5. We can change the version("d2b": "1.0.12")in package.json https://codesandbox.io/s/d2b-pie-default-donut-demo-forked-seghw?file=/package.json:231-246 see the screenshots.
6. Insert the xss payload in any of the label field in data. EX: {label: 'arc 1"><img src=x onerror=alert(1)>', value: 23},
7. XSS payload will get executed.

🔥 Proof of Fix (PoF) *

Before:

After:

👍 User Acceptance Testing (UAT)

After the fix, functionality is unaffected.