Security: XSS Vulnerability in Snapshot Diff Component

[glowsenior]

Prerequisites

• I have searched for related issues in the issues list.
• This is an issue with the Halo project itself. If it is not an issue with the project itself(For example: Installation and deployment issues.), it is recommended to submit it in the Discussions.
• I have tried disabling all plugins to rule out plugins as the cause of the problem.
• If it is an issue with plugins and themes, please submit it in the respective plugin and theme repositories.

System information

• bug

What is the project operation method?

Source Code

What happened?

Security: XSS Vulnerability in Snapshot Diff Component

Description

The snapshot diff component (SnapshotDiffContent.vue) directly renders user-controlled content using innerHTML and v-html without sanitization, creating a cross-site scripting (XSS) vulnerability.

Affected Files

• ui/console-src/components/snapshots/SnapshotDiffContent.vue

Vulnerability Details

Location: Lines 59-61, 242, 258, and 291

The component directly sets innerHTML and uses v-html with unsanitized content:

// Lines 59-61
const oldContent = document.createElement("div");
oldContent.innerHTML = snapshot.value.old.content || "";
const newContent = document.createElement("div");
newContent.innerHTML = snapshot.value.new.content || "";

// Lines 242, 258

// Line 291

Reproduce Steps

No response

Relevant log output

Additional information

No response