[frontend/security] XSS via unescaped innerHTML with user-controlled character names in chat.js #788

New issue

Closed

opened 2026-06-03 00:37:00 +02:00 by sleepy · 0 comments

sleepy commented

2026-06-03 00:37:00 +02:00

Owner

Finding

chat.js lines 810-814 inject the character name into the DOM via innerHTML without HTML escaping:

var roleLabel = _shortModel(modelName);
var _charNameInit = presetsModule.getCharacterName ? presetsModule.getCharacterName() : "";
if (_charNameInit) roleLabel = _charNameInit;
// ...
holder.innerHTML = `<div class="role">${roleLabel} ...</div><div class="body"></div>`;

getCharacterName() in presets.js returns custom.character_name — a user-configured string stored in preset settings. If a user sets their character name to <img src=x onerror=alert(1)>, it executes as HTML.

Same pattern at line 3026 (string concatenation variant) and line 3828.

Impact

Stored XSS — any user who can create/edit a preset can inject arbitrary JavaScript that executes for anyone viewing chat messages rendered with that character name. In a multi-user deployment, this is a privilege escalation vector.

Evidence

presets.js:874: return custom.character_name || ""; — no sanitization
chat.js:814: holder.innerHTML = \...${roleLabel}...`;` — no escaping
esc() function exists in ui.js but is not applied to roleLabel

Recommendation

Apply esc() to roleLabel before inserting into innerHTML, or use textContent for the role label element.

## Finding `chat.js` lines 810-814 inject the character name into the DOM via `innerHTML` without HTML escaping: ```javascript var roleLabel = _shortModel(modelName); var _charNameInit = presetsModule.getCharacterName ? presetsModule.getCharacterName() : ""; if (_charNameInit) roleLabel = _charNameInit; // ... holder.innerHTML = `<div class="role">${roleLabel} ...</div><div class="body"></div>`; ``` `getCharacterName()` in `presets.js` returns `custom.character_name` — a user-configured string stored in preset settings. If a user sets their character name to `<img src=x onerror=alert(1)>`, it executes as HTML. Same pattern at line 3026 (string concatenation variant) and line 3828. ## Impact **Stored XSS** — any user who can create/edit a preset can inject arbitrary JavaScript that executes for anyone viewing chat messages rendered with that character name. In a multi-user deployment, this is a privilege escalation vector. ## Evidence - `presets.js:874`: `return custom.character_name || "";` — no sanitization - `chat.js:814`: `holder.innerHTML = \`...${roleLabel}...\`;` — no escaping - `esc()` function exists in `ui.js` but is not applied to `roleLabel` ## Recommendation Apply `esc()` to roleLabel before inserting into innerHTML, or use `textContent` for the role label element.

sleepy referenced this issue

2026-06-03 00:37:44 +02:00

[frontend] 1162 innerHTML assignments create systemic XSS surface across JS layer #790

sleepy referenced this issue

2026-06-03 00:40:42 +02:00

[frontend/security] API key prefixes regex-matched in client-side slashCommands.js #793

sleepy referenced this issue from a commit

2026-06-03 20:33:37 +02:00

[security] Fix XSS via unescaped innerHTML with user-controlled character names (#788)

sleepy referenced this issue from a pull request that will close it,

2026-06-03 20:34:05 +02:00

[security] XSS-fix: escape user-controlled data in innerHTML (#788) #839