mirror of
https://github.com/danog/psalm.git
synced 2024-11-30 04:39:00 +01:00
Add more verbose description for TaintedHtml (#4668)
Ref https://github.com/vimeo/psalm/issues/4590
This commit is contained in:
parent
3c7066f505
commit
2f8a5028d5
@ -2,6 +2,22 @@
|
||||
|
||||
Emitted when user-controlled input can be passed into to an `echo` statement.
|
||||
|
||||
## Risk
|
||||
|
||||
This could lead to a potential Cross Site Scripting (XSS) vulnerability. Using a XSS vulnerability, an attacker could inject malicious JavaScript and execute any action JavaScript could do. Examples include:
|
||||
|
||||
- Stealing authentication material (e.g. cookies, JWT tokens)
|
||||
- Exfiltrate sensitive information by reading the DOM
|
||||
- Keylog entries on the website (e.g. fake login form)
|
||||
|
||||
Wheter this is exploitable or not depends on a few conditions:
|
||||
|
||||
- Is an executable mimetype set? (e.g. `text/html`)
|
||||
- Is the content served inline or as attachment? (`Content-Disposition`)
|
||||
- Is the output properly sanitized? (e.g. stripping all HTML tags or having an allowlist of allowed characters)
|
||||
|
||||
## Example
|
||||
|
||||
```php
|
||||
<?php
|
||||
|
||||
@ -13,3 +29,14 @@ function printName(string $name) {
|
||||
echo $name;
|
||||
}
|
||||
```
|
||||
|
||||
## Mitigations
|
||||
|
||||
- Sanitize user-input by using functions such as `htmlentities` or use an allowlist.
|
||||
- Set all cookies to `HTTPOnly`.
|
||||
- Consider using Content Security Policy (CSP), to limit the risk of XSS vulnerabilities.
|
||||
|
||||
## Further resources
|
||||
|
||||
- [OWASP Wiki for Cross Site Scripting (XSS)](https://owasp.org/www-community/attacks/xss/)
|
||||
- [Content-Security-Policy - Web Fundamentals](https://developers.google.com/web/fundamentals/security/csp)
|
||||
|
Loading…
Reference in New Issue
Block a user