
HTML Injection through transaction memo


In the transaction below: https://xrpcharts.ripple.com/#/transactions/7A93EE437A3FE7973900E54E35C4360E97ED174427AA1EBEDDBBCFEF66DBCB57

The initial memo content is <h1>THIS PAGE RENDERS HTML and the HTML is rendered. It looks like the Memo type can also have HTML Injection.

Issue Analytics

  • State: closed
  • Created: 5 years ago
  • Comments: 7

Top GitHub Comments

1 reaction
intelliot commented, Jan 4, 2019

The sanitizer had whitelisted a few HTML tags like h1 and b. This whitelist has been removed, so the problem is now fixed. Thanks for reporting this!

1 reaction
WietseWind commented, Jan 1, 2019

As mentioned here, confirmed it was fixed. https://github.com/ripple/ripplecharts-frontend/issues/188
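The two comments above describe the root cause (a sanitizer that whitelisted a few "harmless" tags such as h1 and b, so the memo still reached the page as markup) and the fix (the whitelist was removed). The following is an added example, not code from ripplecharts-frontend or from anyone in the thread: it models a tag-whitelisting sanitizer beside the escape-everything approach that the fix amounts to, and runs both over constructed memo strings (the real transaction's memo is not reproduced). Names such as `sanitizeWithWhitelist`, `escapeHtml`, `renderMemo` and `containsTag` are illustrative, not the project's own.

```javascript
// Added example (not ripplecharts-frontend code): models the bug described in
// the issue and the fix intelliot describes, at the string level.

// Constructed sample memos, labelled as such. The second one shows why a
// whitelist of "harmless" tags is still unsafe: attributes on a whitelisted
// tag survive, so an event handler rides in on <b>.
const MEMO_SAMPLES = [
  "<h1>THIS PAGE RENDERS HTML</h1>",
  "<b onmouseover=alert(1)>bold</b>",
  "plain text memo & nothing else",
];

// Vulnerable variant: keep tags whose name is on the whitelist, drop the rest.
// The whole tag (including its attributes) is kept verbatim.
const WHITELIST = new Set(["h1", "b"]);
function sanitizeWithWhitelist(memo) {
  return memo.replace(/<\/?([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g, (tag, name) =>
    WHITELIST.has(name.toLowerCase()) ? tag : ""
  );
}

// Fixed variant: no whitelist at all. Escape the characters that are
// significant in an HTML text context, so the memo renders as text.
function escapeHtml(memo) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return memo.replace(/[&<>"']/g, (c) => map[c]);
}

// Stand-in for the template: the memo is inserted into a table cell
// innerHTML-style, so whatever the sanitizer leaves in becomes markup.
function renderMemo(memo, sanitize) {
  return `<td class="memo">${sanitize(memo)}</td>`;
}

// Check used below: after removing the wrapper cell, is any tag left in the
// rendered memo? True means the memo controlled page markup.
function containsTag(renderedCell) {
  const inner = renderedCell.replace(/^<td class="memo">|<\/td>$/g, "");
  return /<[a-zA-Z/!]/.test(inner);
}

// Run both sanitizers over every sample and report whether markup survived.
function compareSanitizers(memos = MEMO_SAMPLES) {
  return memos.map((memo) => {
    const whitelisted = renderMemo(memo, sanitizeWithWhitelist);
    const escaped = renderMemo(memo, escapeHtml);
    return {
      memo,
      whitelisted,
      whitelistLeaksMarkup: containsTag(whitelisted),
      escaped,
      escapeLeaksMarkup: containsTag(escaped),
    };
  });
}

for (const row of compareSanitizers()) {
  console.log(JSON.stringify(row, null, 2));
}
```

The point of the second sample is the practical caveat: a tag whitelist that does not also strip attributes is not a sanitizer, and a whitelist that does strip attributes still has to track every way browsers tolerate malformed markup. For a field like a transaction memo, which has no legitimate need for formatting, escaping everything is both simpler and the only option that does not need to be maintained against the HTML parser.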


