From 2275735fdf6fba42b02c21a5e8d79b63c68a834e Mon Sep 17 00:00:00 2001 From: papereth <69432409+papereth@users.noreply.github.com> Date: Mon, 10 Aug 2020 18:50:02 +0200 Subject: [PATCH] Fix information leak in thread.html (#377) Sensitive information can be leaked due to inadequate/absent escaping, if proxy_save enabled Line 14 is truncating before removing tags, this can cause some tags to be cut and therefore not be removed by the `remove_` functions. Line 22 is just leaking it all, not removing anything. --- templates/thread.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/thread.html b/templates/thread.html index 74e7db40..02735c19 100644 --- a/templates/thread.html +++ b/templates/thread.html @@ -11,7 +11,7 @@ {% include 'header.html' %} - {% set meta_subject %}{% if config.thread_subject_in_title and thread.subject %}{{ thread.subject|e }}{% else %}{{ thread.body_nomarkup[:256]|remove_modifiers|e }}{% endif %}{% endset %} + {% set meta_subject %}{% if config.thread_subject_in_title and thread.subject %}{{ thread.subject|e }}{% else %}{{ thread.body_nomarkup|remove_modifiers|remove_markup|e[:256] }}{% endif %}{% endset %} @@ -19,7 +19,7 @@ {% if thread.files.0.thumb %}{% endif %} - +