XSS vulnerability #173

Closed

kp-thibaut

The ngModel.$isEmpty function bypasses the native Froala security cleaning method by executing the content of value with the jQuery function.

In my case, I just reuse the froala native html.clean method to fix it.

Like this:

ngModel.$isEmpty = function (value) {
	if (!value) {
		return true;
	}

	value = element.froalaEditor('clean.html', value, [], [], false);

	var isEmpty = element.froalaEditor('node.isEmpty', jQuery('<div>' + value + '</div>').get(0));
	return isEmpty;
};

Example of XSS injection concerned:
Script URI scheme XSS test<img src="javascript:alert('XSS')">

BTW, I have fixed some lint issues too, and all your tests are down due to the new jQuery version (3.3.1) pulled in by the Froala dependencies.

As the change is not invasive, I pushed it without testing it via grunt. I've made some tests on my side.
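
An alternative way to answer the emptiness question without handing the untrusted value to jQuery or any other HTML parser, given here as an added example that is not part of the original post or the project's code. `isHtmlEmpty`, `findTagEnd` and the `CONTENT_TAGS` list are hypothetical names, and the notion of "empty" used here is an assumption, not Froala's `node.isEmpty`.

```javascript
// Added example, not froala/angular-froala code.
// Tags treated as content even without text. This list is an assumption;
// Froala's own node.isEmpty rules may differ.
const CONTENT_TAGS = new Set(['img', 'iframe', 'video', 'audio', 'embed',
  'object', 'hr', 'table', 'input']);

// Index of the '>' closing the tag opened at `start`, skipping any '>' that
// sits inside a quoted attribute value. Returns -1 if the tag never closes.
function findTagEnd(html, start) {
  let quote = null;
  for (let i = start + 1; i < html.length; i++) {
    const c = html[i];
    if (quote) {
      if (c === quote) quote = null;
    } else if (c === '"' || c === "'") {
      quote = c;
    } else if (c === '>') {
      return i;
    }
  }
  return -1;
}

// Emptiness check that only scans the string: no element is ever created,
// so nothing in `value` can load a resource or run a handler.
function isHtmlEmpty(value) {
  if (!value) return true;
  const html = String(value);
  let text = '';
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf('<', i);
    if (lt === -1) { text += html.slice(i); break; }
    text += html.slice(i, lt);
    if (html.startsWith('<!--', lt)) {               // skip comments whole
      const end = html.indexOf('-->', lt + 4);
      i = end === -1 ? html.length : end + 3;
      continue;
    }
    const tag = /^<\/?([a-zA-Z][a-zA-Z0-9-]*)/.exec(html.slice(lt, lt + 64));
    if (!tag) { text += '<'; i = lt + 1; continue; } // a bare '<' is text
    if (html[lt + 1] !== '/' && CONTENT_TAGS.has(tag[1].toLowerCase())) return false;
    const gt = findTagEnd(html, lt);
    i = gt === -1 ? html.length : gt + 1;
  }
  // Non-breaking spaces, zero-width spaces and whitespace are not content.
  return text.replace(/&nbsp;|&#160;|&#xa0;/gi, '').replace(/[\s\u00a0\u200b]+/g, '').length === 0;
}
```

Because the function returns only a boolean and never emits markup, an imperfect scan can misjudge emptiness but cannot reintroduce the script-execution path; the value still has to go through the editor's own cleaning before it is rendered.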

@benjifin

@shashankaccolite @stefanneculai hey do you have any comments on this issue?
I work for Snyk, and this seems to be a disclosed and demonstrated security issue, and we would therefore like to add this to our DB - but wondered if you guys had any more context to give before we do that? Thanks!

@kp-thibaut kp-thibaut closed this Apr 18, 2023
@kp-thibaut
Author

Closed due to lack of consideration for 5 years. Framework is now deprecated.
