Skip to content

fix: validate host_url to prevent Host-header injection XSS#93

Open
Joshua-Medvinsky wants to merge 1 commit into
themanojdesai:mainfrom
Joshua-Medvinsky:fix/find-002-host-header-xss
Open

fix: validate host_url to prevent Host-header injection XSS#93
Joshua-Medvinsky wants to merge 1 commit into
themanojdesai:mainfrom
Joshua-Medvinsky:fix/find-002-host-header-xss

Conversation

@Joshua-Medvinsky

Copy link
Copy Markdown

Summary

The Flask request object is passed as a template variable into render_template_string. The template renders {{ request.host_url }} unescaped. An attacker controlling the Host header can inject arbitrary HTML/JavaScript into the rendered page, achieving XSS against any user visiting the agent UI.

Fix

Do not pass the raw request object into the template. Instead, validate host_url with a regex and pass only the sanitized value. Template updated to use {{ host_url }} instead of {{ request.host_url }}.

Test Plan

  • Normal Host header renders correctly
  • Injected Host header with <script> tags is sanitized
  • All agent UI pages render without XSS

Security Note

Severity: High. Host-header injection → reflected XSS on the trusted origin.

Signed-off-by: FailSafe Researcher <joshua@getfailsafe.com>
@Joshua-Medvinsky Joshua-Medvinsky force-pushed the fix/find-002-host-header-xss branch from fd29730 to f122ceb Compare June 10, 2026 03:22
@failsafesecurity

Copy link
Copy Markdown

Hi maintainers — friendly follow-up on this security hardening PR. It has been open for a while with no reviewer feedback, so I wanted to resurface it.

Happy to rebase, adjust the approach, add tests, or split the change differently if that would make review easier. Thanks!

@failsafesecurity

Copy link
Copy Markdown

Hi — this security PR has been open for 40 days without maintainer response. Per our responsible disclosure policy, I'll be closing this PR shortly. I may resubmit via a bounty platform if appropriate. Thanks for your time.

@failsafesecurity

Copy link
Copy Markdown

Closing per responsible disclosure policy: 35+ days open with no maintainer response. May resubmit via bounty platform.

@failsafesecurity

Copy link
Copy Markdown

This security fix has been open for 30+ days. Per our responsible disclosure timeline, we'd like to move toward resolution. We can: (1) rebase and adjust the patch, (2) reach out via security@ email, or (3) resubmit via a bounty platform. Please let us know your preference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants