[Bug] Highlighter component has an XSS vulnerability #176

Closed
Carrotzpc opened this issue Jul 5, 2024 · 2 comments
Labels: 🐛 Bug (Something isn't working | Defect), ✅ Fixed (Fixed)

Comments

@Carrotzpc
💻 Operating System

Windows

🌐 Browser

Chrome

🐛 Bug Description

If the code contains HTML tags and parsing fails, execution goes into the catch block and the HTML tags are rendered directly. Don't ask me how I know...

```
} catch {
  return `<pre><code>${text}</code></pre>`;
}
```

🚦 Expected Behavior

The code needs to be escaped after parsing fails.

📷 Recurrence Steps

No response

📝 Additional Information

No response
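
The escaping the issue asks for, as an added example (not lobe-ui's own code and not part of the original issue): the fallback from the snippet above beside an escaped version, plus a check that can serve as a regression test. The names `escapeHtml`, `unsafeFallback`, `safeFallback`, `renderCode`, `innerIsInert`, `failingHighlighter` and the sample string are assumptions constructed for illustration.

```javascript
// Added example: all names below are hypothetical, not lobe-ui's API.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single-pass replacement, so '&' is never escaped twice.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fallback as quoted in the issue: the raw text becomes live markup.
function unsafeFallback(text) {
  return `<pre><code>${text}</code></pre>`;
}

// Hardened fallback: the text is escaped before interpolation.
function safeFallback(text) {
  return `<pre><code>${escapeHtml(text)}</code></pre>`;
}

// Wrapper with the same try/catch shape; `highlighter` is any function that may throw.
function renderCode(text, lang, highlighter) {
  try {
    return highlighter(text, lang);
  } catch {
    return safeFallback(text);
  }
}

// Regression check: inside the <pre><code> wrapper no tag delimiter may remain.
function innerIsInert(html) {
  const m = /^<pre><code>([\s\S]*)<\/code><\/pre>$/.exec(html);
  return m !== null && !/[<>]/.test(m[1]);
}

// Constructed stand-in for a highlighter whose parse step fails.
function failingHighlighter() {
  throw new Error('parse failed');
}

// Constructed sample input: code text that happens to contain HTML.
const SAMPLE = '<b>not code</b> & "quotes"';

console.log(innerIsInert(unsafeFallback(SAMPLE)));
console.log(innerIsInert(renderCode(SAMPLE, 'html', failingHighlighter)));
console.log(renderCode(SAMPLE, 'html', failingHighlighter));
```
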

Carrotzpc added the 🐛 Bug (Something isn't working | Defect) label Jul 5, 2024
@lobehubbot
Member

👀 @Carrotzpc
Thank you for raising an issue. We will investigate the matter and get back to you as soon as possible.
Please make sure you have given us as much context as possible.

canisminor1990 added a commit that referenced this issue Jul 18, 2024
canisminor1990 added the ✅ Fixed (Fixed) label Jul 18, 2024
@lobehubbot
Member

@Carrotzpc
This issue is closed. If you have any questions, you can comment and reply.

github-actions bot pushed a commit that referenced this issue Jul 18, 2024
### [Version&nbsp;1.146.9](v1.146.8...v1.146.9)
<sup>Released on **2024-07-18**</sup>

#### 🐛 Bug Fixes

- **misc**: Fix XSS.

<br/>

<details>
<summary><kbd>Improvements and Fixes</kbd></summary>

#### What's fixed

* **misc**: Fix XSS, closes [#176](#176) ([4ea87cf](4ea87cf))

</details>

github-actions bot pushed a commit to bentwnghk/lobe-ui that referenced this issue Jul 18, 2024
### [Version&nbsp;1.18.6](v1.18.5...v1.18.6)
<sup>Released on **2024-07-18**</sup>

#### 🐛 Bug Fixes

- **misc**: Fix XSS.

<br/>

<details>
<summary><kbd>Improvements and Fixes</kbd></summary>

#### What's fixed

* **misc**: Fix XSS, closes [lobehub#176](https://github.com/bentwnghk/lobe-ui/issues/176) ([4ea87cf](4ea87cf))

</details>

ReneDrengen pushed a commit to ReneDrengen/lobe-ui that referenced this issue Sep 18, 2024
### [Version&nbsp;1.146.9](lobehub/lobe-ui@v1.146.8...v1.146.9)
<sup>Released on **2024-07-18**</sup>

#### 🐛 Bug Fixes

- **misc**: Fix XSS.

<br/>

<details>
<summary><kbd>Improvements and Fixes</kbd></summary>

#### What's fixed

* **misc**: Fix XSS, closes [lobehub#176](lobehub#176) ([4ea87cf](lobehub@4ea87cf))

</details>