Regression of #56 - strings.ToLower allows input of SCRIPT tag
buro9 opened this issue
Reported by @Ry0taK at 2021-03-27T01:00
I'm a security researcher who has been fuzzing famous XSS sanitizers.
While fuzzing the sanitizers, my fuzzer triggered an alert that shows bluemonday is vulnerable to bypass.
After some checks, I confirmed that this is a vulnerability, so I'm reporting it here. While checking the issues on the bluemonday repository, I realized that this is the same issue as #56 (which must have been resolved already, as it's closed).
As there is no doubt this vulnerability occurred again somewhere in the previous commits, I decided to find it.
And it was a commit that added vulnerable code again: 876b478#diff-c62e8d687f2dd220893e9990667b682f3261099565c254e3d236178f07729920
(It's now moved to here:) Line 232 in 22ed312
To reproduce this, please use the following steps:
- Download the attached bluemonday.zip
- Extract it.
- Run test.go: "go run test.go"
- Sanitization bypass will be shown.
If you are going to fix this issue, please let me know. I can assign a CVE to notify users of this issue.
Best regards,
RyotaK
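The attached test.go is not on this page, so the following is an added example rather than the reporter's reproducer or bluemonday's code. It shows the general hazard the issue title points at: `strings.ToLower` applies full Unicode case mapping, so a tag name containing a non-ASCII letter can fold to `script` even though an HTML tokenizer (and a browser) lowercases only ASCII and never treats that element as a script. A sanitizer that decides "this is the script element, emit its text unescaped" based on the Unicode-folded name therefore disagrees with the parser that produced the token. The helper `asciiLower`, the two `isScript*` checks and the constructed tag names are assumptions made for this illustration; whether bluemonday's line 232 behaved exactly this way is for the linked commit to confirm.

```go
package main

import (
	"fmt"
	"strings"
)

// asciiLower folds only A-Z, mirroring how HTML tokenizers normalise tag
// names. Assumed helper for this example, not bluemonday code.
func asciiLower(s string) string {
	b := []byte(s)
	for i, c := range b {
		if c >= 'A' && c <= 'Z' {
			b[i] = c + ('a' - 'A')
		}
	}
	return string(b)
}

// isScriptUnicodeFold models the fragile check: a Unicode-aware lowercase
// before comparing against the element name.
func isScriptUnicodeFold(tagName string) bool {
	return strings.ToLower(tagName) == "script"
}

// isScriptASCIIFold models the check that agrees with the tokenizer: only
// ASCII letters are folded, so non-ASCII look-alikes never match.
func isScriptASCIIFold(tagName string) bool {
	return asciiLower(tagName) == "script"
}

// Divergent returns the tag names on which the two checks disagree. Any
// entry here is a name the Unicode-folding sanitizer would treat as <script>
// while the parser and the browser treat it as an unknown element.
func Divergent(names []string) []string {
	var out []string
	for _, n := range names {
		if isScriptUnicodeFold(n) != isScriptASCIIFold(n) {
			out = append(out, n)
		}
	}
	return out
}

func main() {
	// Constructed sample tag names. U+0130 (LATIN CAPITAL LETTER I WITH DOT
	// ABOVE) has the simple lowercase mapping U+0069 'i' in Go's tables, so
	// strings.ToLower("SCR\u0130PT") == "script" while the ASCII fold leaves
	// the non-ASCII rune in place.
	names := []string{"script", "SCRIPT", "Script", "SCR\u0130PT", "scr\u0130pt", "div"}
	for _, n := range names {
		fmt.Printf("%-12q unicodeFold=%-5v asciiFold=%v\n",
			n, isScriptUnicodeFold(n), isScriptASCIIFold(n))
	}
	fmt.Println("divergent:", Divergent(names))
}
```

The practical rule is that the name you compare must be normalised the same way the parser normalised it; for golang.org/x/net/html that means either comparing `token.Data` as the tokenizer already lowercased it, or using `token.DataAtom` against `atom.Script`, rather than re-folding the string with `strings.ToLower`.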