We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitzed HTML input. 2.) XSS via property, method and enum names, `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages.
Reserved 2024-04-12 | Published 2024-11-25 | Updated 2024-11-25 | Assigner GitHub_MCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
github.com/...d/deno/security/advisories/GHSA-qqwr-j9mm-fhw6
github.com/...6e75eb6b73e/src/html/templates/pages/search.js
Support options