Secure the usage of angular-ui-notification library #159

Closed
nadouani opened this issue Mar 27, 2017 · 0 comments
@nadouani
Contributor

Request Type

Bug

Work Environment

Any

Problem Description

TheHive uses an open source angular library to display notification toasts: https://github.com/alexcrack/angular-ui-notification

This library introduces an XSS vulnerability, since it trusts the messages to be displayed, as HTML.
An issue is still open to fix this vulnerability.

In the meantime, we will make sure to sanitize the content we display in notification toasts.

@nadouani nadouani added the bug label Mar 27, 2017
@nadouani nadouani added this to the 2.10.2 milestone Mar 27, 2017
@nadouani nadouani self-assigned this Mar 27, 2017
nadouani added a commit that referenced this issue Mar 27, 2017
@nadouani nadouani reopened this Mar 27, 2017
nadouani added a commit that referenced this issue Mar 28, 2017
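
One way to apply the interim mitigation described in the issue, as an added example and not TheHive's actual commit: entity-encode `message` and `title` before they reach a toast service that renders them as HTML. The recording stub and sample strings are constructed for the example; the level methods (`primary`, `info`, `success`, `warning`, `error`) are the ones angular-ui-notification exposes.

```javascript
// Added example: encode untrusted text before it reaches a toast API
// that inserts `message` and `title` into the DOM as HTML.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

function escapeHtml(value) {
  // null/undefined become an empty string; everything else is stringified first.
  return String(value == null ? '' : value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Wrap a notification service so every call encodes message/title first.
// Each level method is assumed to accept either a plain string or an
// options object carrying `message` and/or `title`.
function safeNotifier(service, levels = ['primary', 'info', 'success', 'warning', 'error']) {
  const wrapped = {};
  for (const level of levels) {
    wrapped[level] = (arg) => {
      if (arg !== null && typeof arg === 'object') {
        const opts = Object.assign({}, arg); // do not mutate the caller's object
        if ('message' in opts) opts.message = escapeHtml(opts.message);
        if ('title' in opts) opts.title = escapeHtml(opts.title);
        return service[level](opts);
      }
      return service[level](escapeHtml(arg));
    };
  }
  return wrapped;
}

// Constructed stand-in for the Angular service: records what would be rendered.
function makeRecordingService() {
  const svc = { calls: [] };
  for (const level of ['primary', 'info', 'success', 'warning', 'error']) {
    svc[level] = (arg) => { svc.calls.push({ level, arg }); return arg; };
  }
  return svc;
}

// Constructed sample input: user-controlled text containing markup.
function demo() {
  const svc = makeRecordingService();
  const notify = safeNotifier(svc);
  notify.error({ title: 'Case <b>update</b>', message: 'Failed: <img src=x onerror=alert(1)>' });
  notify.success('Saved "A & B"');
  return svc.calls;
}
```

Routing all toasts through one wrapper keeps the encoding in a single place; any caller that bypasses it and calls the service directly is still exposed, so a code search for direct uses of the service is a useful follow-up check.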