CVE-2023-1527: sec(VTLIB) purify clean javascript in href · tsolucio/corebos@aaaca69

Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0.


@@ -480,6 +480,16 @@ function vtlib_purify($input, $ignore = false) {

}

} else { // Simple type

$value = $__htmlpurifier_instance->purify($input);

if (strpos($value, ‘<a’) !== false && strpos($value, ‘javascript’) !== false) {

$dom = new DOMDocument;

$dom->loadHTML($value, LIBXML_HTML_NODEFDTD | LIBXML_HTML_NOIMPLIED);

foreach ($dom->getElementsByTagName(‘a’) as $node) {

if ($node->hasAttribute(‘href’) && !filter_var($node->getAttribute(‘href’), FILTER_VALIDATE_URL) !== false) {

$node->removeAttribute(‘href’);

$value = trim($dom->saveHTML(), “\n”);

}

}

}

}

}

}
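Review bot: the href test inside the foreach body is hard to read because of operator precedence: `!filter_var(...) !== false` is parsed as `(!filter_var(...)) !== false`, so the attribute is dropped exactly when filter_var() returns false; writing it as `filter_var($node->getAttribute('href'), FILTER_VALIDATE_URL) === false` states that directly and avoids a reviewer having to work it out. On the same hunk, FILTER_VALIDATE_URL only checks that the value is syntactically a URL and does not constrain the scheme, so an explicit allow-list of accepted schemes (for example http, https and mailto, read via `parse_url($href, PHP_URL_SCHEME)`) would make the intent clear and not depend on which schemes PHP's filter happens to accept as well-formed; the outer guard would also be more robust as `stripos` rather than `strpos`, since the DOM pass is otherwise skipped on mixed-case input. Finally, loadHTML() emits warnings on malformed markup, so the parse should be wrapped in `libxml_use_internal_errors(true)`, and a short comment explaining why this DOM pass runs only after HTMLPurifier, and only when both `<a` and `javascript` appear in the purified output, would help future readers.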
