Fixed XSS on Hackerone Markdown Report

yogeshojha · May 22, 2022 · 669a93e · 669a93e
1 parent f5bad1d
commit 669a93e
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -26,6 +26,8 @@ Please find the [FAQ](https://www.huntr.dev/faq) and [Responsible disclosure pol
 
 ## Past Security Vulnerabilities
 
+Thanks to these individuals for reporting Security Issues in reNgine.
+
 * [Stored XSS](https://github.com/yogeshojha/rengine/issues/178) on Detail Scan Page via Page Title Parameter, Reported by [omemishra](https://github.com/omemishra)
 
 * [Stored XSS](https://github.com/yogeshojha/rengine/issues/347) on Vulnerability Scan page via URL Parameter, Reported by [Arif Khan, payloadartist](https://twitter.com/payloadartist)
@@ -34,6 +36,10 @@ Please find the [FAQ](https://www.huntr.dev/faq) and [Responsible disclosure pol
 
 * [Stored XSS](https://huntr.dev/bounties/dfd440ba-4330-413c-8b21-a3d8bf02a67e/) on Import Targets via filename, Reported by [Veeshraj Ghimire](https://github.com/V35HR4J)
 
+* [Stored XSS](https://huntr.dev/bounties/8ea5d3a6-f857-45e4-9473-e4d9cb8f7c77/) on HackerOne Markdown template, Reported by [Smaran Chand](https://github.com/smaranchand) and [Ayoub Elaich](https://github.com/sicks3c)
+
+
+
 **reNgine thanks the following people for making a responsible disclosure and helping the community make reNgine safer!**
 
 * [onemishra](https://github.com/omemishra)

diff --git a/web/scanEngine/templates/scanEngine/settings/hackerone.html b/web/scanEngine/templates/scanEngine/settings/hackerone.html
@@ -96,12 +96,16 @@ <h4 class="header-title mt-3">Vulnerability Report Template</h4>
 <script src="{% static 'custom/custom.js' %}"></script>
 <script type="text/javascript">
 
-new SimpleMDE({
+var simplemde = new SimpleMDE({
   element: document.getElementById("vulnerability-report-template"),
   toolbar: ["preview", "bold", "italic", "heading", "heading-2", "unordered-list", "link" ,"|", "code" ,"|", "quote", "|", "guide"],
   spellChecker: false,
 });
 
+simplemde.options.previewRender = function(plainText) {
+  return DOMPurify.sanitize(simplemde.markdown(plainText));
+};
+
 function test_hackerone() {
   if ($("#username").val().length == 0 || $("#api_key").val().length == 0) {
     if ($("#username").val().length == 0) {