不正なメンションを利用したXSSの修正

traPtitech · Sep 15, 2022 · 037f083 · 037f083
1 parent ed37922
commit 037f083
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/lib/markdown/markdown.ts b/src/lib/markdown/markdown.ts
@@ -37,10 +37,10 @@ const storeProvider: Store = {
     return `${embeddingOrigin}${channelIdToLink(id)}`
   },
   generateUserHref(id) {
-    return `javascript:openUserModal('${id}')`
+    return `javascript:openUserModal(${JSON.stringify(id)})`
   },
   generateUserGroupHref(id) {
-    return `javascript:openGroupModal('${id}')`
+    return `javascript:openGroupModal(${JSON.stringify(id)})`
   }
 }