Test for XSS vulnerabilities #3081

@mssalvatore

Description

The two main vectors for XSS attacks are plugins (via the titles/descriptions in the manifest or config schema) and an imported configuration. Verify the Island UI is safe from XSS attacks from these two vectors.

Pay special attention to any uses of dangerouslySetInnerHTML.

Tasks

  • Prove the Island UI is safe from XSS attacks if malicious plugins are loaded (0d)
    • Manifest
    • Config Schema
    • Disallow malicious plugins in the backend
  • Prove the Island UI is safe from XSS attacks if a malicious config is imported (0d)
  • Prove that other inputs are safe from XSS attacks (0d)
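One way to approach the "disallow malicious plugins in the backend" task is to reject manifests and config schemas whose display strings contain markup. The sketch below is an added example, not code from this project; the key names `title` and `description` are taken from the issue text, while the function names, sample documents and the tag heuristic are assumptions.

```python
import re
from typing import Any, Iterator, Tuple

# Assumption: "title" and "description" are the keys whose values the UI displays.
DISPLAY_KEYS = {"title", "description"}

# Start of an HTML/XML tag, comment or doctype in what should be plain text.
TAG_START = re.compile(r"<\s*/?\s*[A-Za-z!]")


def find_markup(node: Any, path: str = "$") -> Iterator[Tuple[str, str]]:
    """Yield (json_path, value) for each display string that contains a tag."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in DISPLAY_KEYS and isinstance(value, str):
                if TAG_START.search(value):
                    yield child, value
            else:
                # Also covers a schema property that is itself *named* "title".
                yield from find_markup(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_markup(item, f"{path}[{index}]")


def check_plugin_document(document: dict) -> None:
    """Raise ValueError naming every offending field; return None if clean."""
    hits = [p for p, _ in find_markup(document)]
    if hits:
        raise ValueError("markup in display fields: " + ", ".join(hits))


# Constructed sample inputs (hypothetical plugin manifest and config schema).
SAMPLE_MANIFEST = {
    "name": "example_plugin",
    "title": "Example <script>alert(1)</script>",
    "description": "Plain text description",
}
SAMPLE_SCHEMA = {
    "type": "object",
    "title": "Example options",
    "properties": {
        "title": {
            "type": "string",
            "title": "Report title",
            "description": "Shown in <script>alert(1)</script> the UI",
        },
        "targets": {"type": "array", "items": {"type": "string", "description": "Host"}},
    },
}
```

React escapes strings rendered as text, so a check like this is a second layer; it matters most for any value that reaches `dangerouslySetInnerHTML`.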
