复制步骤
This vulnerability can convert safe <option> tags that are surrounded by various other tags (particularly the <select> tag) into unsafe ones, thereby opening the possibility of a Cross-Site Scripting (XSS) attack. The vulnerability is present in versions of the library prior to 1.8.0, specifically in the jqLite library.
解决问题
使用早于 1.8.0 版本 AngularJS 的客户应立即升级。
此修复包含一个破坏向后兼容性的更改,因此可以使用 UNSAFE_restoreLegacyJqLiteXHTMLReplacement 找到一个恢复旧行为的新方法。如果您选择使用这种向后兼容的方法作为临时措施,请计划尽快替换它。
学习与预防
Although there are many ways in which an XSS attack can occur that are within the developer’s control, in this case, the problem was in the method that was used to help sanitize the code. The original code used in the library was able to take already-sanitized code and turn it into unsanitized code. Sanitized, in this case, means that the code had already been “escaped.” Escaping is the process of converting risky characters such as < to safer versions (< in the case). Since it’s not possible to know the order in which various sanitization functions are executed, this improper transformation could have occurred last—thereby rendering the code insecure.
结论
1.8.0 中已修复了此漏洞,仍在使用 Angular 1.5 的 HeroDevs AngularJS 永无止境支持客户也可立即使用此漏洞。如果您希望获得支持以避免代价高昂的潜在攻击,请立即联系 HeroDevs [TODO:插入链接]。
如果您希望获得 HeroDevs 永无止境的支持服务,请立即联系我们的销售团队。
资源
每当我们支持的开源软件修复了新的漏洞,我们就会发出警报。