Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug report: HTML not escaped properly #490

Closed
ghost opened this issue Feb 7, 2019 · 1 comment
Closed

Bug report: HTML not escaped properly #490

ghost opened this issue Feb 7, 2019 · 1 comment

Comments

@ghost
Copy link

ghost commented Feb 7, 2019

Summary

When building an HTML options list the value is not escaped. This causes some of the value to be displayed in the name.

Example

This is a problem for RegExs because some contain a " followed by a > which causes part of the regex to appear in the name because the HTML is parsed incorrectly, as shown below.

image

image

Link to show bug

This issue comes from Line 159 and is present in other places, where the HTML value is not escaped, but the values don't trigger it

CyberChef/src/web/HTMLIngredient.mjs

Line 159 in 6f8a5ea

html += `<option populate-value="${this.value[i].value}">${this.value[i].name}</option>`;

@n1474335
Copy link
Member

n1474335 commented Feb 8, 2019

Good spot, thanks. This has now been fixed in v8.23.4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@n1474335