Use SAFE_FOR_XML for pasted content

djmb · djmb · commit 5f61df05e661 · 2025-05-05T15:27:27.000+01:00
We default SAFE_FOR_XML to false to allow comments in attachments.
However we don't need when pasting content and it exposes us to
potential XSS attacks there, so let's override the setting when pasting.
diff --git a/src/test/system/pasting_test.js b/src/test/system/pasting_test.js
@@ -119,6 +119,21 @@ testGroup("Pasting", { template: "editor_empty" }, () => {
     delete window.unsanitized
   })
 
+  test("paste data-trix-attachment unsafe html div overload", async () => {
+    window.unsanitized = []
+    const pasteData = {
+      "text/plain": "x",
+      "text/html": `\
+      <div data-trix-attachment="{&quot;contentType&quot;:&quot;text/html5&quot;,&quot;content&quot;:&quot;<div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><a><svg><desc><svg><image><a><desc><svg><image></image></svg></desc></a></image><style><a data-trix-caca='</style><img src=x onerror=window.unsanitized.push(1)>'></a></style></svg></desc></svg></a>&quot;}"></div>
+      `,
+    }
+
+    await pasteContent(pasteData)
+    await delay(20)
+    assert.deepEqual(window.unsanitized, [])
+    delete window.unsanitized
+  })
+
   test("paste data-trix-attachment encoded mathml", async () => {
     window.unsanitized = []
     const pasteData = {
diff --git a/src/trix/models/composition.js b/src/trix/models/composition.js
@@ -127,7 +127,7 @@ export default class Composition extends BasicObject {
   }
 
   insertHTML(html) {
-    const document = HTMLParser.parse(html).getDocument()
+    const document = HTMLParser.parse(html, { purifyOptions: { SAFE_FOR_XML: true } }).getDocument()
     const selectedRange = this.getSelectedRange()
 
     this.setDocument(this.document.mergeDocumentAtRange(document, selectedRange))
diff --git a/src/trix/models/html_parser.js b/src/trix/models/html_parser.js
@@ -66,10 +66,11 @@ export default class HTMLParser extends BasicObject {
     return parser
   }
 
-  constructor(html, { referenceElement } = {}) {
+  constructor(html, { referenceElement, purifyOptions } = {}) {
     super(...arguments)
     this.html = html
     this.referenceElement = referenceElement
+    this.purifyOptions = purifyOptions
     this.blocks = []
     this.blockElements = []
     this.processedElements = []
@@ -84,7 +85,7 @@ export default class HTMLParser extends BasicObject {
   parse() {
     try {
       this.createHiddenContainer()
-      HTMLSanitizer.setHTML(this.containerElement, this.html)
+      HTMLSanitizer.setHTML(this.containerElement, this.html, { purifyOptions: this.purifyOptions })
       const walker = walkTree(this.containerElement, { usingFilter: nodeFilter })
       while (walker.nextNode()) {
         this.processNode(walker.currentNode)
diff --git a/src/trix/models/html_sanitizer.js b/src/trix/models/html_sanitizer.js
@@ -16,8 +16,8 @@ const DEFAULT_FORBIDDEN_PROTOCOLS = "javascript:".split(" ")
 const DEFAULT_FORBIDDEN_ELEMENTS = "script iframe form noscript".split(" ")
 
 export default class HTMLSanitizer extends BasicObject {
-  static setHTML(element, html) {
-    const sanitizedElement = new this(html).sanitize()
+  static setHTML(element, html, options) {
+    const sanitizedElement = new this(html, options).sanitize()
     const sanitizedHtml = sanitizedElement.getHTML ? sanitizedElement.getHTML() : sanitizedElement.outerHTML
     element.innerHTML = sanitizedHtml
   }
@@ -28,18 +28,20 @@ export default class HTMLSanitizer extends BasicObject {
     return sanitizer
   }
 
-  constructor(html, { allowedAttributes, forbiddenProtocols, forbiddenElements } = {}) {
+  constructor(html, { allowedAttributes, forbiddenProtocols, forbiddenElements, purifyOptions } = {}) {
     super(...arguments)
     this.allowedAttributes = allowedAttributes || DEFAULT_ALLOWED_ATTRIBUTES
     this.forbiddenProtocols = forbiddenProtocols || DEFAULT_FORBIDDEN_PROTOCOLS
     this.forbiddenElements = forbiddenElements || DEFAULT_FORBIDDEN_ELEMENTS
+    this.purifyOptions = purifyOptions || {}
     this.body = createBodyElementForHTML(html)
   }
 
   sanitize() {
     this.sanitizeElements()
     this.normalizeListElementNesting()
-    DOMPurify.setConfig(config.dompurify)
+    const purifyConfig = Object.assign({}, config.dompurify, this.purifyOptions)
+    DOMPurify.setConfig(purifyConfig)
     this.body = DOMPurify.sanitize(this.body)
 
     return this.body

Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ export default class Composition extends BasicObject {`
`127`	`127`	`}`
`128`	`128`
`129`	`129`	`insertHTML(html) {`
`130`		`- const document = HTMLParser.parse(html).getDocument()`
	`130`	`+ const document = HTMLParser.parse(html, { purifyOptions: { SAFE_FOR_XML: true } }).getDocument()`
`131`	`131`	`const selectedRange = this.getSelectedRange()`
`132`	`132`
`133`	`133`	`this.setDocument(this.document.mergeDocumentAtRange(document, selectedRange))`