For SafeHtml, do I need to sanitize the "link" in the <img src = link> tag, GWT?
I got a text field that allows users to place a link to an image (for example: http: //abc.test.gif ) and another text field that allows the user to enter alternative text (for example: "This is test.gif") and a submit button.
When the user clicks the submit button, the program generates <img src="http://abc.test.gif" alt="This is test.gif"> this line and saves it to the database for later use.
My question is: I need to sanitize imagelink "http://abc.test.gif" and the text in the alt tag "This is test.gif"
For example, I need to use UriUtils.isSafeUri("http://abc.test.gif"); and SafeHtmlUtils.fromString("This is test.gif"
You intentionally allow the user to enter whatever they want to go into the src and alt attributes of the img tag. It is truly open to any XSS attack. Look here for some examples that still work in recent browsers.
In addition, you save a row in your database for later use (guessing), so an attack can occur at a later time when you use such a row to create a node in the DOM with even more unpredictable results.
One solution could be to save only the URL and an alternative string in the database (with the correct input check, if any) and create a safe img snippet when you need it, using a simple template like following (or programmatically using SafeHtmlBuilder )
public interface Template extends SafeHtmlTemplates { @Template("<img src=\"{0}\" alt=\"{1}\"/>") SafeHtml img(SafeUri uri, SafeHtml alternativeText); } Used as:
template.img( UriUtils.fromString(yourValidatedDbUrl), SafeHtmlUtils.fromString(yourValidatedAlternativeText)); So you:
- check user input;
- store only verified values (as is);
- generate an img fragment in a safe way only when it is really necessary.