Sha256: 82e78417bb234d648b51b9961067c808c6a7ebc50ba3ae2a3389c7da395c1356

Size: 1.34 KB

Versions: 6

Stored size: 1.34 KB

Contents

---
gem: ember-source
cve: 2014-0013
url: https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4
title: |
  Ember.js Potential XSS Exploit With User-Supplied Data When Binding
  Primitive Values
date: 2014-01-14
description: |
  In general, Ember.js escapes or strips any user-supplied content before
  inserting it in strings that will be sent to innerHTML.  However, we have
  identified a vulnerability that could lead to unescaped content being inserted
  into the innerHTML string without being sanitized.

  When a primitive value is used as the Handlebars context, that value is not
  properly escaped.  An example of this would be using the `{{each}}` helper to
  iterate over an array of user-supplied strings and using `{{this}}` inside the
  block to display each string.

  In applications that contain templates whose context is a primitive value and
  use the `{{this}}` keyword to display that value, a specially-crafted payload
  could execute arbitrary JavaScript in the context of the current domain
  ("XSS").

  This vulnerability affects applications that contain templates whose context is
  set to a user-supplied primitive value (such as a string or number) and also
  contain the `{{this}}` special Handlebars variable to display the value.
patched_versions:
  - ~> 1.0.1
  - ~> 1.1.3
  - ~> 1.2.1
  - ~> 1.3.1
  - ">= 1.4.0.beta.2"
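The bug class described in the advisory above, modelled in an added example that is not code from the advisory, from Ember.js or from ruby-advisory-db: a tiny renderer in which property lookups are escaped but a primitive bound as the whole context (`{{this}}`) is concatenated raw, the hardened renderer that escapes every bound value, and a template audit helper that lists `{{#each}}` blocks using `{{this}}` directly so affected templates can be found before upgrading. All function names and the sample input are constructed for this example.

```javascript
'use strict';

// Escape the characters that matter when text is written into innerHTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  }[c]));
}

// Simplified model of the flaw: an object context reaches the output through
// an escaped property lookup, but a primitive context ({{this}}) does not.
function renderEachVulnerable(items) {
  return items.map((ctx) => {
    const isObject = typeof ctx === 'object' && ctx !== null;
    const value = isObject ? escapeHtml(ctx.name) : ctx; // primitive left raw
    return `<li>${value}</li>`;
  }).join('');
}

// Hardened model: escape the bound value whatever kind of context it is.
function renderEachFixed(items) {
  return items.map((ctx) => {
    const isObject = typeof ctx === 'object' && ctx !== null;
    const raw = isObject ? ctx.name : ctx;
    return `<li>${escapeHtml(raw)}</li>`;
  }).join('');
}

// Audit helper: return the iterated expression of every {{#each}} block whose
// body uses {{this}}, i.e. the template shape the advisory says is affected.
function findPrimitiveThisBindings(templateSource) {
  const hits = [];
  const eachBlock = /{{#each\s+([^}]+?)}}([\s\S]*?){{\/each}}/g;
  let m;
  while ((m = eachBlock.exec(templateSource)) !== null) {
    if (/{{\s*this\s*}}/.test(m[2])) hits.push(m[1].trim());
  }
  return hits;
}

// Constructed sample: one user-supplied string and one object with a name.
const sampleItems = ['<b>tag</b>', { name: '<i>x</i>' }];
const sampleTemplate =
  '{{#each names}}<li>{{this}}</li>{{/each}}' +
  '{{#each people}}<li>{{name}}</li>{{/each}}';
```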

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/ember-source/CVE-2014-0013.yml