Comments (7)
Is this not a problem with IE's "great" MIME Type Detection?
But multimedia data types should be safe, no? For example audio, image, and video.
For example, when a web application allows users to upload an image and only checks the file extension, the user can upload an image.jpg that actually contains HTML code. Older versions of Internet Explorer (especially versions 6 and 7) then render the file as HTML, which opened the possibility for a persistent Cross-Site Scripting (XSS) attack.
http://blog.fox-it.com/2012/05/08/mime-sniffing-feature-or-vulnerability/
Not sure if this counts for data URIs.
I tried several cases with image and script, also the iframe tag, in IE11 (the MDN page says IE11 only supports data URIs for CSS, link, and img):
<img alt="Incorrect image using image/png data type" src="data:image/png;base64,amF2YXNjcmlwdDphbGVydCgnWFNTJyk7"/>
<img alt="Incorrect image using text/html data type contain javascript:alert('XSS');" src="data:text/html;base64,amF2YXNjcmlwdDphbGVydCgnWFNTJyk7"/>
<img alt="Incorrect image using text/html data type contain <script>alert('Hello');</script>" src="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4="/>
<script src="data:text/html;base64,amF2YXNjcmlwdDphbGVydCgnWFNTJyk7"></script>
<iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4="></iframe>
The img tag doesn't expose an XSS threat even when using an invalid MIME type and data. So I think the above link doesn't count for data URIs.
Updated
If you want to allow the data protocol, you can do so using the AllowedSchemes property. Potential problems with "wrong" MIME types apply equally to http, don't they? That is, if you allow img tags, you'll have to trust the browser because you have no control over what the server responds with.
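An added example (not code from this thread or from the HtmlSanitizer project itself) showing the two behaviours discussed above: with the default settings a data: src is removed because "data" is not in AllowedSchemes, and, once the scheme is added, a FilterUrl handler can keep data: URLs only when they carry a base64-encoded raster image, so a data:text/html payload like the one in the test cases above never reaches the browser regardless of how it sniffs. It assumes HtmlSanitizer 8.x (namespace Ganss.Xss; older releases used Ganss.XSS) and the FilterUrl event with OriginalUrl/SanitizedUrl properties as documented in the project README; the sample markup and the IsImageDataUri helper are constructed for this example.

```csharp
using System;
using Ganss.Xss; // HtmlSanitizer 8.x; older releases use Ganss.XSS

// Added example: restricting data: URLs in img/src to base64 raster images.
public static class DataUriExample
{
    // Constructed test inputs, same shape as the thread's test cases.
    public const string ImgPng =
        "<img alt=\"png\" src=\"data:image/png;base64,iVBORw0KGgo=\">";
    public const string ImgHtml =
        "<img alt=\"html\" src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgiSGVsbG8iKTs8L3NjcmlwdD4=\">";

    // Default configuration: "data" is not an allowed scheme, so any data: src is dropped.
    public static HtmlSanitizer DefaultSanitizer() => new HtmlSanitizer();

    // Allows the data scheme, then uses FilterUrl to accept only image payloads.
    public static HtmlSanitizer ImageDataUriSanitizer()
    {
        var sanitizer = new HtmlSanitizer();
        sanitizer.AllowedSchemes.Add("data");

        // FilterUrl is raised for each URL in an allowed attribute (assumption: README-documented
        // event). Setting SanitizedUrl to null removes the attribute from the output.
        sanitizer.FilterUrl += (sender, e) =>
        {
            var url = e.OriginalUrl ?? string.Empty;
            if (url.StartsWith("data:", StringComparison.OrdinalIgnoreCase) && !IsImageDataUri(url))
            {
                e.SanitizedUrl = null;
            }
        };
        return sanitizer;
    }

    // Hypothetical helper: accepts only "data:image/<png|jpeg|gif|webp>;base64,<valid base64>".
    // text/html, javascript-ish payloads, non-base64 data and SVG (which can carry script)
    // are all rejected; the MIME type in the URL is the only thing the browser has to go on.
    public static bool IsImageDataUri(string url)
    {
        const string prefix = "data:image/";
        if (!url.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return false;

        var comma = url.IndexOf(',');
        if (comma < 0)
            return false;

        // header is e.g. "png;base64"
        var header = url.Substring(prefix.Length, comma - prefix.Length);
        var parts = header.Split(';');
        if (parts.Length != 2 || !parts[1].Equals("base64", StringComparison.OrdinalIgnoreCase))
            return false;

        switch (parts[0].ToLowerInvariant())
        {
            case "png":
            case "jpeg":
            case "gif":
            case "webp":
                break;
            default:
                return false; // includes svg+xml and anything that is not a raster image
        }

        // The payload must actually be base64; otherwise the browser may fall back to sniffing.
        try
        {
            Convert.FromBase64String(url.Substring(comma + 1));
        }
        catch (FormatException)
        {
            return false;
        }
        return true;
    }

    public static void Main()
    {
        Console.WriteLine(DefaultSanitizer().Sanitize(ImgPng));
        var imageOnly = ImageDataUriSanitizer();
        Console.WriteLine(imageOnly.Sanitize(ImgPng));
        Console.WriteLine(imageOnly.Sanitize(ImgHtml));
    }
}
```

Running Main with the default sanitizer strips the src from the PNG sample; the image-only sanitizer keeps that src and strips the src from the text/html sample. The scheme is allowed on the sanitizer as a whole, so the FilterUrl check is what makes the difference between "any data: URL" and "only image data: URLs", and the same handler could be narrowed further to the img tag via the event's Tag property if other URL-bearing attributes are allowed.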
Agree on that :)
Agreed too. Thanks for your explanation :)