fix: prevent sentinel collision XSS and document closing-fence deviation

blackwell-systems · SamMorrowDrums · commit 3c28543e4201 · 2026-05-31T11:16:45.000+02:00
Security fix: Add NUL byte (0x00) to shouldRemoveRune so that
FilterInvisibleCharacters strips NUL bytes before protectCodeAngleBrackets
runs. Without this, an attacker can inject literal sentinel strings
(\x00LT\x00script\x00GT\x00) that bypass FilterHTMLTags and get restored
to &lt;script&gt; by restoreCodeAngleBrackets.

Also add a comment documenting the CommonMark closing-fence deviation:
the implementation treats any run of &gt;= fenceLen backticks as a closing
fence even mid-line, which is more permissive than CommonMark (requires
own line, no info string). This is a soft-fail (some angle brackets may
be unprotected) rather than a security issue.

Tests added:
- sentinel collision: verifies NUL-byte injection does not produce &lt;script&gt;
- NUL bytes in code blocks: verifies code content is preserved after stripping
- NUL byte in shouldRemoveRune: verifies 0x00 is in the removal set
diff --git a/pkg/sanitize/sanitize.go b/pkg/sanitize/sanitize.go
@@ -191,7 +191,12 @@ func protectCodeAngleBrackets(input string) string {
 				b.WriteRune(runes[i]) // newline
 				i++
 			}
-			// Inside fence: protect angle brackets until closing fence
+			// Inside fence: protect angle brackets until closing fence.
+			// NOTE: CommonMark requires the closing fence to be on its own line
+			// with no info string. This implementation is more permissive: any
+			// run of >= fenceLen backticks ends the block, even mid-line. This
+			// is a soft-fail (some angle brackets may be unprotected) rather
+			// than a security issue.
 			for i < n {
 				// Check for closing fence
 				if runes[i] == '`' {
@@ -333,7 +338,8 @@ func getPolicy() *bluemonday.Policy {
 
 func shouldRemoveRune(r rune) bool {
 	switch r {
-	case 0x200B, // ZERO WIDTH SPACE
+	case 0x0000, // NUL — stripped to prevent sentinel collision in protectCodeAngleBrackets
+		0x200B, // ZERO WIDTH SPACE
 		0x200C, // ZERO WIDTH NON-JOINER
 		0x200E, // LEFT-TO-RIGHT MARK
 		0x200F, // RIGHT-TO-LEFT MARK
diff --git a/pkg/sanitize/sanitize_test.go b/pkg/sanitize/sanitize_test.go
@@ -129,6 +129,7 @@ func TestShouldRemoveRune(t *testing.T) {
 		expected bool
 	}{
 		// Individual characters that should be removed
+		{name: "NUL byte", rune: 0x0000, expected: true},
 		{name: "zero width space", rune: 0x200B, expected: true},
 		{name: "zero width non-joiner", rune: 0x200C, expected: true},
 		{name: "left-to-right mark", rune: 0x200E, expected: true},
@@ -337,6 +338,16 @@ func TestSanitizePreservesAngleBracketsInCodeBlocks(t *testing.T) {
 			input:    "No code here, just text.",
 			expected: "No code here, just text.",
 		},
+		{
+			name:     "sentinel collision does not bypass sanitizer",
+			input:    "\x00LT\x00script\x00GT\x00alert(1)\x00LT\x00/script\x00GT\x00",
+			expected: "LTscriptGTalert(1)LT/scriptGT", // NUL bytes stripped; sentinels don't match; no <script> injected
+		},
+		{
+			name:     "NUL bytes stripped from input with code blocks",
+			input:    "```\nfunc Foo\x00[T any]()\n```",
+			expected: "```\nfunc Foo[T any]()\n```",
+		},
 	}
 
 	for _, tt := range tests {
