From d9269310cc65edb9f96b946f44fb1c926582d346 Mon Sep 17 00:00:00 2001 From: Zamil Majdy Date: Mon, 9 Feb 2026 19:10:17 +0400 Subject: [PATCH] fix(frontend/mcp): Loop HTML tag stripping to prevent XSS bypass The single-pass regex `/<[^>]+>/g` can be bypassed with nested tags like `ipt>`. Loop until no more tags are found. Note: React auto-escapes JSX so this is defense-in-depth. --- .../components/legacy-builder/MCPToolDialog.tsx | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/autogpt_platform/frontend/src/app/(platform)/build/components/legacy-builder/MCPToolDialog.tsx b/autogpt_platform/frontend/src/app/(platform)/build/components/legacy-builder/MCPToolDialog.tsx index 0013df1032..40f9239375 100644 --- a/autogpt_platform/frontend/src/app/(platform)/build/components/legacy-builder/MCPToolDialog.tsx +++ b/autogpt_platform/frontend/src/app/(platform)/build/components/legacy-builder/MCPToolDialog.tsx @@ -39,7 +39,6 @@ type DialogStep = "url" | "tool"; const OAUTH_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes - export function MCPToolDialog({ open, onClose, @@ -526,11 +525,15 @@ function MCPToolCard({ const required = new Set(tool.input_schema?.required ?? []); const paramNames = Object.keys(properties); - // Strip XML-like tags and hints from description for cleaner display - const cleanDescription = (tool.description ?? "") - .replace(/<[^>]+>[^<]*<\/[^>]+>/g, "") - .replace(/<[^>]+>/g, "") - .trim(); + // Strip XML-like tags from description for cleaner display. + // Loop to handle nested tags like ipt> (CodeQL fix). + let cleanDescription = tool.description ?? ""; + let prev = ""; + while (prev !== cleanDescription) { + prev = cleanDescription; + cleanDescription = cleanDescription.replace(/<[^>]*>/g, ""); + } + cleanDescription = cleanDescription.trim(); return (