release(v1.9.9): fix(branding): sanitize custom logo URL

2025-11-16 21:31:08 -05:00
parent ad1d41fad8
commit 08f7ffccbc
2 changed files with 20 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog

+## Changes 11/16/2025 (v1.9.9)
+
+release(v1.9.9): fix(branding): sanitize custom logo URL preview
+
+- Sanitize branding.customLogoUrl on the server before writing siteConfig.json
+- Allow only http/https or site-relative paths; strip invalid/sneaky values
+- Update adminPanel.js live logo preview to set img src/alt safely
+- Addresses CodeQL XSS warning while keeping Pro branding logo overrides working
+
+---
+
 ## Changes 11/16/2025 (v1.9.8)

 release(v1.9.8): feat(pro): wire core to Pro licensing + branding hooks
--- a/public/js/adminPanel.js
+++ b/public/js/adminPanel.js
@@ -85,7 +85,15 @@ function updateHeaderLogoFromAdmin() {
      url = '/' + url;
    }

-    if (url) {
+    // ---- Sanitize URL (mirror AdminModel::sanitizeLogoUrl) ----
+    const isHttp = /^https?:\/\//i.test(url);
+    const isSiteRelative = url.startsWith('/') && !url.includes('://');
+
+    // Strip any CR/LF just in case
+    url = url.replace(/[\r\n]+/g, '');
+
+    if (url && (isHttp || isSiteRelative)) {
+      // safe enough for <img src="...">
      logoImg.setAttribute('src', url);
      logoImg.setAttribute('alt', 'Site logo');
    } else {