Skip to content
This repository has been archived by the owner on Dec 10, 2020. It is now read-only.

XSS issue? #181

Closed
lox opened this issue Aug 26, 2015 · 2 comments
Closed

XSS issue? #181

lox opened this issue Aug 26, 2015 · 2 comments

Comments

@lox
Copy link

lox commented Aug 26, 2015

We had a bug reported that seems to exploit the src attribute of the video.js swf file to run js code. I'm not entirely sure how it works:

video-js.swf?src=blob:vjs-media-source/123%5C"))%7Dcatch(e)%7Balert(document.domain)%7D//&debug=true

Is this a known issue? How do we prevent this happening?
@heff
Copy link
Member

heff commented Aug 26, 2015

We fixed similar issues a while back and I thought either this one was fixed or there was some reason it wasn't an issue, but nevertheless we're killing the poster since we only rely on the HTML poster. Should have a patch out soon. #183

@heff
Copy link
Member

heff commented Aug 31, 2015

Fixed in 4.12.15, back ported to 4.12 versions on the CDN.
http:https://vjs.zencdn.net/4.12/video-js.swf?poster=http:https://www.flash-test.net/relog.swf

Thanks!

@heff heff closed this as completed Aug 31, 2015
zhangbobell added a commit to fex-team/ueditor that referenced this issue Feb 25, 2016
@zhangbobell
update video-js.swf to fix xss vulnerability, see videojs/video-js-sw…
debfc4c 
…f#181
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@heff @lox