fixed security issue #1350 & #1349

OWASP-BLT · Nov 2, 2023 · d432204 · d432204
1 parent c336b74
commit d432204
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/website/static/js/jquery.caret.js b/website/static/js/jquery.caret.js
@@ -216,8 +216,19 @@
             $inputor = this.$inputor;
             if (oDocument.selection) {
                 offset = this.getIEOffset(pos);
-                offset.top += $(oWindow).scrollTop() + $inputor.scrollTop();
-                offset.left += $(oWindow).scrollLeft() + $inputor.scrollLeft();
+                // Check if oWindow is a window object by checking for window-specific properties
+                function isValidWindow(obj) {
+                    return obj && typeof obj === 'object' && 'scrollTo' in obj && obj.document && obj.self === obj;
+                }
+                // Then use this function in your conditionals
+                if (isValidWindow(oWindow)) {
+                    offset.top += $(oWindow).scrollTop();
+                    offset.left += $(oWindow).scrollLeft();
+                } else {
+                    console.error('oWindow is not a valid window object.');
+                }
+                offset.top += $inputor.scrollTop();
+                offset.left += $inputor.scrollLeft();
                 return offset;
             } else {
                 offset = $inputor.offset();