Instant open redirect on Live preview WEB Ide opening
HackerOne report #437142 by ruvlol on 2018-11-08:
Hello Gitlab team! Asset is my own gitlab installation for Ubuntu.
The issue I want to report is the lack of a sandbox attribute on the iframe pointing to codesandbox. This results in content inside the iframe redirecting the top-level window on load.
How to reproduce:
- create index.js with the following content:
window.open("https://evil.com","_top");
- create package.json with the following content:
{
  "main": "index.js",
  "dependencies": {
    "vue": "latest"
  }
}
- open the file in the Web IDE and load the preview
How to fix:
- add a sandbox attribute with the needed permissions (for example, you will need allow-scripts for sure) on the codesandbox iframe.
Impact
Open redirect on Web IDE preview load.
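The fix proposed in the report is a sandbox attribute on the preview iframe. The following is an added example, not GitLab's or the reporter's code, of a review-time lint that scans markup for iframe tags and flags the conditions under which framed content can navigate the top-level window: no sandbox attribute at all, a sandbox that grants a top-navigation token, or allow-scripts combined with allow-same-origin (which lets a same-origin frame strip its own sandbox). The sample markup, the codesandbox.example host and the attribute parser are constructed assumptions for the demonstration; the parser is a simple regex suitable for static templates, not a full HTML parser.

```javascript
// Added example (not GitLab's code): audit <iframe> tags in a markup snippet
// for the missing-sandbox issue described in the report.
// Assumption: input is static HTML/template text; attributes are parsed with a
// simple regex, which is adequate for a lint pass over templates.

// Sandbox tokens that, on their own, let framed content navigate the top-level
// window (the behaviour the report demonstrates with window.open(..., "_top")).
const TOP_NAV_TOKENS = new Set([
  "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
]);

// Parse attributes out of a single start tag such as
// '<iframe src="..." sandbox="allow-scripts">'. Values may be double-quoted,
// single-quoted, unquoted, or absent (boolean attributes).
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<\s*iframe\b/i, "").replace(/\/?>$/, "");
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    let value = "";
    if (m[2] !== undefined) value = m[2];
    else if (m[3] !== undefined) value = m[3];
    else if (m[4] !== undefined) value = m[4];
    attrs[m[1].toLowerCase()] = value;
  }
  return attrs;
}

// Evaluate one iframe's attributes. Returns { canNavigateTop, reason }.
function auditIframe(attrs) {
  if (!Object.prototype.hasOwnProperty.call(attrs, "sandbox")) {
    return { canNavigateTop: true, reason: "no sandbox attribute: frame may target _top" };
  }
  const tokens = new Set(attrs.sandbox.toLowerCase().split(/\s+/).filter(Boolean));
  for (const t of tokens) {
    if (TOP_NAV_TOKENS.has(t)) {
      return { canNavigateTop: true, reason: "sandbox grants " + t };
    }
  }
  // Flagged conservatively: this combination only matters when the framed
  // content is same-origin with the embedder, in which case frame script can
  // reach the parent document and remove its own sandbox attribute.
  if (tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    return {
      canNavigateTop: true,
      reason: "allow-scripts with allow-same-origin lets a same-origin frame remove its own sandbox",
    };
  }
  return { canNavigateTop: false, reason: "sandbox present without top-navigation tokens" };
}

// Scan a markup string and return one finding per <iframe> start tag.
function auditMarkup(html) {
  const findings = [];
  const tagRe = /<iframe\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    const result = auditIframe(attrs);
    findings.push({ src: attrs.src || "", canNavigateTop: result.canNavigateTop, reason: result.reason });
  }
  return findings;
}

// Constructed sample: an unsandboxed preview frame like the one in the report,
// a hardened version that keeps scripts but withholds top navigation, and a
// same-origin widget with the risky allow-scripts + allow-same-origin pair.
const SAMPLE = `
<iframe id="preview" src="https://codesandbox.example/embed"></iframe>
<iframe id="preview-fixed" src="https://codesandbox.example/embed"
        sandbox="allow-scripts allow-forms allow-popups"></iframe>
<iframe src="/internal/widget" sandbox="allow-scripts allow-same-origin"></iframe>
`;

for (const f of auditMarkup(SAMPLE)) {
  console.log((f.canNavigateTop ? "RISK " : "ok   ") + f.src + ": " + f.reason);
}
```

Run with Node; the first and third frames are reported as able to navigate the top-level window, the hardened second frame is not. Note that allow-popups still lets the frame open a new window, which is a separate decision from top navigation.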