fix(security): theme selection via dom input without validation (#629)

The `changeCSS` function constructs a URL by interpolating user-controlled input (`theme` parameter from the `<select>` element) directly into a CDN URL template. While the current `<select>` restricts values, if the function were called programmatically (e.g., via browser console or if the DOM is manipulated), an attacker could inject an arbitrary path into the stylesheet URL, potentially loading a malicious CSS file from the CDN.

Affected files: index.html

Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com>
Trần Bách 2026-04-08 01:11:14 +07:00 committed by GitHub
commit 67d3746f69
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
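As an added example, not code from this commit or from the project, the URL construction the commit message describes can be modelled without a DOM so that the unvalidated and allowlisted versions can be compared side by side. The `bootswatchVersion` value, the `bootswatch-theme` element id and the DOM wiring are assumptions made here for illustration.

```javascript
// Added example modelling the theme-switch URL construction from the commit
// message. Not the project's own code; values below are assumed.
const bootswatchVersion = '5.3.3'; // assumed version, only for illustration
const allowedThemes = Object.freeze(['darkly', 'united', 'flatly', 'quartz']);

// Before the fix: the caller-controlled value is interpolated straight into the
// path. Nothing stops a value containing '/' or '..' from reaching the URL.
function buildThemeUrlUnvalidated(theme) {
  return `https://cdn.jsdelivr.net/npm/bootswatch@${bootswatchVersion}/dist/${theme}/bootstrap.min.css`;
}

// After the fix: exact-match allowlist. Returns null on rejection so a caller
// can distinguish "rejected" from a usable URL instead of failing silently.
function buildThemeUrl(theme) {
  if (typeof theme !== 'string' || !allowedThemes.includes(theme)) return null;
  return `https://cdn.jsdelivr.net/npm/bootswatch@${bootswatchVersion}/dist/${theme}/bootstrap.min.css`;
}

// Demonstrates what the unvalidated version does with a traversal-style value:
// once the URL is normalised, '..' segments walk out of dist/<theme>/ and the
// request lands on a different package path on the same CDN.
function resolvedPath(theme) {
  return new URL(buildThemeUrlUnvalidated(theme)).pathname;
}

// DOM wiring, only active in a browser. Targets the stylesheet by an assumed
// id rather than the first <link> in the document. `doc` is injectable so the
// function can be exercised outside a browser.
function changeCSS(theme, doc = typeof document !== 'undefined' ? document : null) {
  const href = buildThemeUrl(theme);
  if (href === null || doc === null) return false;
  const link = doc.getElementById('bootswatch-theme'); // assumed id on the <link>
  if (!link) return false;
  link.href = href;
  return true;
}
```

The allowlist compares the whole value, so variants such as a different case or an appended path segment are rejected rather than normalised; that is the behaviour the commit relies on, and it only holds if the values offered by the `<select>` are kept in sync with `allowedThemes`.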


@ -58,8 +58,11 @@
.catch( error => console.error( 'Error:', error ) );
// Change the theme
const allowedThemes = ['darkly', 'united', 'flatly', 'quartz'];
function changeCSS( theme )
{
if ( !allowedThemes.includes( theme ) ) return;
document.querySelector( 'link' ).href
= `https://cdn.jsdelivr.net/npm/bootswatch@${bootswatchVersion}/dist/${theme}/bootstrap.min.css`;
}
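Review bot: `document.querySelector( 'link' )` selects the first `<link>` element in the document, not specifically the Bootswatch stylesheet, so if any other `<link>` (icon, preconnect, a second stylesheet) precedes it the allowlisted theme is written onto the wrong element and the intended stylesheet is never swapped; give the theme stylesheet an `id` and target it, e.g. `document.getElementById( 'theme-css' ).href`. Also, `bootswatchVersion` is interpolated into the same URL but is defined outside this hunk; worth confirming it is a fixed constant rather than anything derived from the DOM or the query string, since the allowlist only covers `theme`. Finally, the silent `return` on an unlisted value hides a mismatch between the `<select>` options and `allowedThemes`; a `console.warn` at that point would make such a mismatch visible during testing.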