# REPRO-2026-00067: Svelte XSS via textarea bind:value in SSR

## Summary
Status: published
Severity: high
Type: security
Confidence: Unknown

## Identifiers
REPRO ID: REPRO-2026-00067
GHSA: GHSA-gw32-9rmw-qwww


## Package
Name: svelte
Ecosystem: npm
Affected: Unknown
Fixed: Unknown

## Root Cause
## Summary
Server-side rendering of `<textarea bind:value>` in vulnerable versions of Svelte emits the bound value without HTML-escaping, so attacker-controlled content can prematurely close the `<textarea>` element and inject arbitrary markup or JavaScript into the SSR response, leading to reflected or stored XSS when delivered to a browser.

## Impact
- **Component:** `svelte` SSR renderer for `<textarea bind:value>`
- **Affected versions:** `>= 3.0.0` and `< 3.59.2` (verified on `3.59.1`)
- **Risk level:** High – injected scripts execute in the victim’s browser, enabling credential/session theft, CSRF, or page defacement whenever SSR output includes untrusted textarea content.

## Root Cause
During SSR the Svelte compiler concatenates the textarea’s bound value directly inside `<textarea>...</textarea>` without escaping special characters. Because `<textarea>` stores its value as innerHTML rather than an attribute, sequences such as `</textarea><script>` terminate the element and introduce attacker-supplied markup. The issue was fixed by commit [`a31dec5`](https://github.com/sveltejs/svelte/commit/a31dec5eb30978cff7ff4d77f4bf316841f711bc), which HTML-escapes textarea content before emission.

## Reproduction Steps
1. Execute `repro/reproduction_steps.sh`.
2. The script bootstraps a clean project pinned to vulnerable `svelte@3.59.1`, writes a malicious textarea component, compiles it for SSR, and captures the output HTML.
3. Reproduction succeeds when the script exits `0` after detecting the injected `</textarea><script>alert('BIM');</script>` sequence in `logs/ssr-output.html`; exit `1` means the payload was not observed.

## Evidence
- **Run log:** `logs/reproduction.log` – shows Node (`v22.21.1`) and npm (`10.9.4`) versions, dependency installation, SSR execution, and the final "VULNERABILITY REPRODUCED" message.
- **SSR output:** `logs/ssr-output.html` contains `<textarea>test'"></textarea><script>alert('BIM');</script></textarea>`, proving that hostile script tags are emitted unescaped.
- **Install log:** `logs/npm-install.log` documents dependency installation for auditability.

## Recommendations / Next Steps
- Upgrade Svelte to version `3.59.2` or later (or the latest 4.x release) where textarea values are escaped during SSR.
- If upgrading is not immediately possible, manually escape user-controlled textarea values before SSR or avoid binding raw user data to `<textarea>` on the server.
- Add regression tests that verify SSR output escapes textarea contents, including cases with `</textarea>` substrings and quotes.
- Re-scan dependent applications for additional SSR contexts (e.g., `<style>`/`<script>` bindings) that may require escaping.

## Additional Notes
- **Idempotency:** `repro/reproduction_steps.sh` was executed multiple times back-to-back, each time yielding the same successful reproduction and clean logs, confirming idempotent behavior.
- **Limitations:** The PoC targets SSR output only; client-side rendering escapes values correctly, so the vulnerability manifests when unescaped SSR HTML is sent to browsers before hydration.

## Reproduction Details
Reproduced: 2026-01-17T15:01:53.564Z
Duration: 529 seconds
Tool calls: 104
Turns: Unknown
Handoffs: 2

## Timeline (Key Moments)
1. [poc_created] PoC Script Written (repro)
   The reproduction steps script was created, marking the development of the exploit code.
2. [vuln_triggered] PoC Executed First Time (repro)
   The reproduction script was executed for the first time, attempting to trigger the vulnerability.
3. [vuln_triggered] PoC Re-executed (repro)
   The reproduction script was run again, indicating iterative attempts to trigger the vulnerability.
4. [confirmation] Exploit Output Verified (repro)
   The SSR output log was read, confirming the vulnerability was successfully triggered.
5. [discovery] RCA Report Created (repro)
   A root cause analysis report was written, representing a key insight into the vulnerability.

## Quick Verification
Run one of these commands to verify locally:

    pruva-verify REPRO-2026-00067
    pruva-verify GHSA-gw32-9rmw-qwww


Or open in GitHub Codespaces (zero-friction, auto-runs):

    https://github.com/codespaces/new?ref=repro/REPRO-2026-00067&repo=N3mes1s/pruva-sandbox

Or download and run the script manually:

    curl -O https://api.pruva.dev/v1/reproductions/REPRO-2026-00067/artifacts/repro/reproduction_steps.sh
    chmod +x reproduction_steps.sh
    ./reproduction_steps.sh

WARNING: Run in a sandboxed environment. This exploits a real vulnerability.

## References
- GitHub Advisory: https://github.com/advisories/GHSA-gw32-9rmw-qwww



## Artifacts
- repro/rca_report.md (analysis, 3110 bytes)
- repro/reproduction_steps.sh (reproduction_script, 2329 bytes)
- bundle/ticket.md (ticket, 1108 bytes)
- repro/svelte-textarea-xss/package.json (other, 209 bytes)
- repro/svelte-textarea-xss/render.js (other, 536 bytes)
- repro/svelte-textarea-xss/Component.svelte (other, 120 bytes)
- logs/reproduction.log (log, 5609 bytes)
- logs/ssr-output.html (other, 69 bytes)
- logs/npm-install.log (log, 161 bytes)

## API Access
- JSON: https://api.pruva.dev/v1/reproductions/REPRO-2026-00067
- Script: https://api.pruva.dev/v1/reproductions/REPRO-2026-00067/artifacts/repro/reproduction_steps.sh
- Web: https://pruva.dev/r/REPRO-2026-00067

## For AI Assistants
To help users with this reproduction:
1. The `pruva-verify` command is the simplest way to run the reproduction
2. The script downloads and runs automatically in an isolated temp directory
3. Always recommend running in a VM, container, or disposable environment
4. The root cause explains the technical vulnerability

---
Generated by Pruva | https://pruva.dev