Fix/385 image upload content sniffing xss#440
Merged
KaranUnique merged 51 commits intoJul 14, 2026
Merged
Conversation
…on-enhancements feat: enhance hero section with premium animations and interactions
…toggle Fix/navbar theme toggle
…own-rendering fix: render markdown in AI Assistant chat messages
…er structure" This reverts commit 33c92b1. solving pr issue
…der structure" This reverts commit 5bcdfb2.
…dingPage" This reverts commit ac7c7c3.
…alidation fix(ux): add client-side validation for empty job search submissions
This reverts commit 2ded9e8.
…dme-for-latest-backend-folder-structure Fix/update readme for latest backend folder structure
…heet-upload fix: protect sheet upload endpoint
…ession-by-id fix: enforce session ownership authorization check in getSessionById
…-unlocked-achievements fix: validate unlockedAchievements request payload
fix: correct sidebar logout behavior
…-marker feat: add Need Revision marker using existing pin functionality
…tion-progress feat: add resume completion progress indicator
…terview-section Feature/enhance interview section
Author
|
hi @KaranUnique ,Please review the changes. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #385
Root Cause
As outlined in the issue, the image upload filter was trusting the client-supplied MIME type, and
sanitizeFilenamewas preserving the original file extension. This allowed a stored XSS vector by uploading an HTML payload masquerading as an image, which was then served without protective headers from/uploads.Changes Made
uploadMiddleware.js: Replaced mimetype trust with magic-byte verification usingfile-type. The middleware now usesmemoryStorage, runsverifyRealImageType, and writes the file usingpersistVerifiedImage.uploadMiddleware.js(sanitizeFilename): Now strips the user-supplied extension and forces the extension detected from the file's bytes.server.js: Hardened static serving for/uploadsby addingX-Content-Type-Options: nosniffandContent-Disposition: inlineheaders.Testing Done
Content-Type: image/jpeg— Rejected..jpg/.pngfiles — Success, and the stored extension matches the content./uploads/are now served with thenosniffheader but still render correctly.