[frontend] 1162 innerHTML assignments create systemic XSS surface across JS layer #790

New issue

Open

opened 2026-06-03 00:37:44 +02:00 by sleepy · 0 comments

sleepy commented 2026-06-03 00:37:44 +02:00

Owner

Copy link

Finding

Across all frontend JS files, there are 1,162 innerHTML assignments vs only 51 textContent assignments in chat.js alone. Top offenders:

File	innerHTML count
emailLibrary.js	82
document.js	80
documentLibrary.js	72
chat.js	67
settings.js	61
admin.js	56
sessions.js	55
chatRenderer.js	47
tasks.js	44
skills.js	36

Risk

While many of these use the esc() helper, the sheer volume makes it extremely difficult to audit which assignments properly escape user content and which do not. The issue in #788 (character name XSS) proves that escaping is inconsistent.

Recommendation

1. Adopt a templating approach (e.g., tagged template literal that auto-escapes) to make innerHTML safer by default
2. Prefer textContent, createElement, or a safe DOM helper for any node containing user data
3. Add a CSP header to add defense-in-depth
4. Audit all innerHTML assignments that interpolate variables not passed through esc()

## Finding Across all frontend JS files, there are **1,162 innerHTML assignments** vs only 51 textContent assignments in chat.js alone. Top offenders: | File | innerHTML count | |------|----------------| | emailLibrary.js | 82 | | document.js | 80 | | documentLibrary.js | 72 | | chat.js | 67 | | settings.js | 61 | | admin.js | 56 | | sessions.js | 55 | | chatRenderer.js | 47 | | tasks.js | 44 | | skills.js | 36 | ## Risk While many of these use the esc() helper, the sheer volume makes it extremely difficult to audit which assignments properly escape user content and which do not. The issue in #788 (character name XSS) proves that escaping is inconsistent. ## Recommendation 1. Adopt a templating approach (e.g., tagged template literal that auto-escapes) to make innerHTML safer by default 2. Prefer textContent, createElement, or a safe DOM helper for any node containing user data 3. Add a CSP header to add defense-in-depth 4. Audit all innerHTML assignments that interpolate variables not passed through esc()

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dev

fix/effective-mode-undefined

fix/async-generator-500

refactor/split-small-routes-779

refactor/split-session-routes-778

refactor/split-llm-core-700

refactor/split-chat-routes-724

refactor/split-model-routes-701

refactor/split-skills-routes-777

refactor/split-document-routes-769

refactor/split-ai-interaction-722

refactor/split-cookbook-routes-775

refactor/split-builtin-actions-723

refactor/split-task-scheduler-774

refactor/tool-execution-split-667

fix/rag-health-coordinator-756

fix/agent-core-missing-round-loop

fix/rag-health-check-756

fix/missing-readmes-782

fix/search-files-split-772

fix/dedup-search-impl-771

fix/mcp-integrations-split-781

fix/cookbook-helpers-split-785

fix/search-cross-feature-776

fix/graceful-llm-degradation-770

fix/dedup-research-handler-773

fix/cross-route-coupling-780

fix/skills-typed-request-762

fix/chat-stream-pydantic-731

fix/chat-handler-imports-737

fix/public-llm-exports-730

fix/dedup-search-content-784

fix/dedup-stream-parse-735

fix/stream-error-boundary-734

fix/typed-event-names-786

fix/dedup-js-utilities-792

fix/skills-index-lookup-761

fix/xss-charname-innerhtml-788

fix/coderunner-document-write-789

fix/ai-interaction-thread-safety-729

fix/client-side-api-key-regex-793

fix/dead-loadingtext-796

fix/active-streams-eviction-736

fix/builtin-actions-sqlite-orm-732

fix/llm-core-thread-safety-709

fix/singleton-thread-safety-768

fix/video-upload-multimodal-826

fix/mic-button-audio-825

fix/multimodal-capabilities-827

fix/dedup-system-msg-717

fix/service-dead-calls-750

fix/db-session-context-manager-757

fix/dedup-llmconfig-710

fix/keyword-lists-764-v2

fix/keyword-lists-764

fix/llm-cache-ttl-708

fix/validate-config-711

fix/totp-constant-time-689

fix/admin-tools-constant-681

fix/dedup-truncate-670

fix/threadsafe-extractions-audit-754

fix/dedup-json-io-767

fix/695-deduplicate-admin-check

fix/upload-auth-dedup-765

fix/705-deduplicate-network-constants

fix/deduplicate-chunking-749

fix/760-deduplicate-embed

fix/dedup-validation-759

fix/748-deduplicate-tokenization

fix/add-readmes-728-742-782

fix/key-file-permissions-706

fix/embedding-retry-766

fix/deterministic-doc-ids-753

fix/search-facade-783

fix/remove-dead-memory-746

fix/remove-rag-manager-747

fix/dead-docstring-763

refactor/split-tool-schemas-666

refactor/split-agent-loop-664

refactor/split-tool-implementations-665

fix/mark-stopped-500-663

fix/streamingtts-scope-662

fix/code-block-tool-parsing-661

No results found.

Labels

Clear labels   

area:chat

  

area:core

  

area:llm

  

area:routes

  

area:tools

  

bug

Something isn't working

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

refactor

  

wontfix

This will not be worked on

No labels

area:chat

area:core

area:llm

area:routes

area:tools

bug

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

refactor

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

sleepy/odysseus#790

No description provided.