jazzymc/homarr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Merge commit from fork

Browse Source 
* fix: sanitize user-media svg api endpoint using isomorphic dompurify

* fix: add iframe sandbox to prevent priviledge escalation
This commit is contained in:
Manuel
2025-11-14 18:00:15 +01:00
committed by GitHub
parent d33cfe211a
commit aaa23f3732
5 changed files with 118 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
apps/nextjs/src/app/api/user-medias/[id]/route.ts
View File

@@ -1,6 +1,7 @@
import { notFound } from "next/navigation";
import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import DOMPurify from "isomorphic-dompurify";
import { db, eq } from "@homarr/db";
import { medias } from "@homarr/db/schema";
@@ -19,11 +20,24 @@ export async function GET(_req: NextRequest, props: { params: Promise<{ id: stri
notFound();
}
let content = new Uint8Array(image.content);
// Sanitize SVG content to prevent XSS attacks
if (image.contentType === "image/svg+xml" || image.contentType === "image/svg") {
const svgText = new TextDecoder().decode(content);
const sanitized = DOMPurify.sanitize(svgText, {
USE_PROFILES: { svg: true, svgFilters: true },
});
content = new TextEncoder().encode(sanitized);
}
const headers = new Headers();
headers.set("Content-Type", image.contentType);
headers.set("Content-Length", image.content.length.toString());
headers.set("Content-Length", content.length.toString());
headers.set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox");
headers.set("X-Content-Type-Options", "nosniff");
return new NextResponse(new Uint8Array(image.content), {
return new NextResponse(content, {
status: 200,
headers,
});