In summary: a website card that loads a malicious website into a Canvas view can corrupt arbitrary vault documents, leak some privacy information, and spawn new internal URI calls and some external processes.
Details: The new Canvas feature allows remote websites to trigger internal Obsidian URIs like open/new/search etc., both directly and through the x-success parameter. These URIs can be triggered by the website issuing a meta refresh directive, i.e.
<meta http-equiv="refresh" content="0;URL='obsidian://new? … etc.

In the first order this allows any website dropped into Canvas to add/delete/modify any file in the loaded vault. Creation of files is limited to .md files, but editing includes .canvas files. Because new URIs auto-open files in Obsidian, this allows a single corrupted website to effectively chain-spawn multiple malicious URI processes.

Because Canvas website cards can call OS-level URIs like ms-excel (in addition to e.g. https), a malicious website loaded into a canvas context can effectively force-open a number of different applications on the system (and depending on the OS configuration and the mapped applications this could lead to exploiting further vulnerabilities and/or arbitrary code execution).

As an aside: the above issue also allows a malicious website to corrupt and/or overwrite any other file type, e.g. image files, using the overwrite URI parameter.

Accessible URIs are not limited to the documented new, but also include non-public ones like show-plugin - and while I haven’t checked this, I assume the same would be true for any URIs exposed by community plugins also.

There is also a mild privacy issue: because the x-success callback is only called for valid files, a malicious website dropped into a canvas could use that callback to map out valid and existing files.

Less impactful, the obsidian://new URI allows the creation of arbitrary folders outside of the vault hierarchy, e.g. by setting file=../../../../new/folder/structure (though it stops short of allowing arbitrary file creation).

The sole mitigation is that exploitation requires that a user actively load a malicious website card into a Canvas (but it is worth noting that because each website card is refreshed on loading, honest websites that become compromised are also a possible attack vector).