Skip to content

Latest commit

 

History

History
15 lines (12 loc) · 2.27 KB

threat-modeling.md

File metadata and controls

15 lines (12 loc) · 2.27 KB

Threat Model Analysis for markedjs/marked

Threat: Cross-Site Scripting (XSS) via Malicious Markdown Input

Description: An attacker crafts malicious markdown input containing JavaScript code disguised within HTML tags or attributes that marked parses and renders as executable code in the user's browser. For example, injecting <img src="x" onerror="alert('XSS')"> or using javascript: URLs in links. The attacker might inject this markdown into user-generated content, comments, or any input processed by marked. When a victim views this content, the injected script executes, potentially stealing cookies, session tokens, redirecting to malicious sites, or defacing the page.

  • Impact: High. Successful XSS can lead to complete compromise of the user's session and account, data theft, malware distribution, and website defacement.
  • Affected Marked Component: HTML Renderer, Link Handling, Image Handling (specifically when parsing and rendering HTML tags and attributes within markdown).
  • Risk Severity: High.
  • Mitigation Strategies:
    • Strict HTML Sanitization: Utilize a robust HTML sanitization library (like DOMPurify) after marked parsing but before rendering the HTML in the browser. Configure the sanitizer to remove or neutralize potentially dangerous HTML elements and attributes (e.g., script, iframe, onerror, onload, javascript: URLs).
    • Configure marked with sanitizer Option: Leverage marked's built-in sanitizer option to provide a custom sanitization function. This allows for fine-grained control over the HTML output.
    • Content Security Policy (CSP): Implement a strong CSP to restrict the sources from which the browser can load resources and execute scripts. This acts as a defense-in-depth measure even if sanitization is bypassed.
    • Regularly Update marked: Keep marked updated to the latest version to benefit from security patches and bug fixes that may address XSS vulnerabilities.
    • Input Validation (Pre-parsing): While less effective against sophisticated XSS, consider basic input validation on the markdown content itself to reject obviously malicious patterns before passing it to marked.