From 7ecd58dc0ca7bf9d0acb00bf04194a0cb6e8b724 Mon Sep 17 00:00:00 2001
From: Shaun McCance <shaunm@gnome.org>
Date: Fri, 18 Apr 2025 11:33:01 -0400
Subject: [PATCH] Initial fix for CVE-2025-3155 from parrot409

https://gitlab.gnome.org/GNOME/yelp/-/issues/221
---
 data/xslt/mal2html.xsl.in    |  5 +++++
 data/xslt/man2html.xsl.in    |  2 +-
 data/xslt/yelp-common.xsl.in |  7 +++++++
 libyelp/yelp-transform.c     | 19 +++++++++++++++++++
 libyelp/yelp-view.c          |  2 +-
 5 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/data/xslt/mal2html.xsl.in b/data/xslt/mal2html.xsl.in
index 9e44b734..0a74da55 100644
--- a/data/xslt/mal2html.xsl.in
+++ b/data/xslt/mal2html.xsl.in
@@ -19,6 +19,11 @@
 <xsl:param name="mal.link.prefix" select="'xref:'"/>
 <xsl:param name="mal.link.extension" select="''"/>
 
+<xsl:template name="html.head.top.custom">
+  <xsl:param name="node" select="."/>
+  <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'nonce-{$html.csp.nonce}'; "/>
+</xsl:template>
+
 <xsl:template name="mal.link.target.custom">
   <xsl:param name="node" select="."/>
   <xsl:param name="action" select="$node/@action"/>
diff --git a/data/xslt/yelp-common.xsl.in b/data/xslt/yelp-common.xsl.in
index 0c1ec9bb..421fc02d 100644
--- a/data/xslt/yelp-common.xsl.in
+++ b/data/xslt/yelp-common.xsl.in
@@ -15,6 +15,13 @@
 <xsl:param name="html.syntax.highlight" select="true()"/>
 <xsl:param name="html.js.root" select="'file://@XSL_JSDIR@/'"/>
 
+<xsl:param name="html.csp.nonce" select="yelp:generate_nonce()"/>
+
+<xsl:template name="html.head.top.custom">
+  <xsl:param name="node" select="."/>
+  <meta http-equiv="Content-Security-Policy" content="default-src bogus-ghelp: bogus-gnome-help: bogus-help: bogus-help-list: bogus-info: bogus-man: ; script-src 'nonce-{$html.csp.nonce}'; style-src 'unsafe-inline'; "/>
+</xsl:template>
+
 <xsl:template name="html.js.mathjax">
   <xsl:param name="node" select="."/>
   <xsl:if test="$node//mml:*[1]">
diff --git a/libyelp/yelp-transform.c b/libyelp/yelp-transform.c
index e74eb463..2ce1d05b 100644
--- a/libyelp/yelp-transform.c
+++ b/libyelp/yelp-transform.c
@@ -71,6 +71,8 @@ static void      xslt_yelp_cache            (xsltTransformContextPtr  ctxt,
                                              xsltStylePreCompPtr      comp);
 static void      xslt_yelp_aux              (xmlXPathParserContextPtr ctxt,
                                              int                      nargs);
+static void      xslt_yelp_generate_nonce   (xmlXPathParserContextPtr ctxt,
+                                             int                      nargs);
 
 enum {
     PROP_0,
@@ -412,6 +414,10 @@ transform_run (YelpTransform *transform)
                              BAD_CAST "input",
                              BAD_CAST YELP_NAMESPACE,
                              (xmlXPathFunction) xslt_yelp_aux);
+    xsltRegisterExtFunction (priv->context,
+                         BAD_CAST "generate_nonce",
+                         BAD_CAST YELP_NAMESPACE,
+                         (xmlXPathFunction) xslt_yelp_generate_nonce);
 
     priv->output = xsltApplyStylesheetUser (priv->stylesheet,
                                             priv->input,
@@ -607,3 +613,16 @@ xslt_yelp_aux (xmlXPathParserContextPtr ctxt, int nargs)
     xsltExtensionInstructionResultRegister (tctxt, ret);
     valuePush (ctxt, ret);
 }
+
+static void
+xslt_yelp_generate_nonce (xmlXPathParserContextPtr ctxt, int nargs)
+{
+    GRand* rand;
+    gchar* nonce_str;
+
+    rand = g_rand_new ();
+    nonce_str = g_strdup_printf("%08x%08x", g_rand_int (rand), g_rand_int (rand));
+    xmlXPathReturnString (ctxt, xmlStrdup ((xmlChar *) nonce_str));
+    g_free(nonce_str);
+    g_rand_free(rand);
+}

-- 
GitLab