Changes between Initial Version and Version 3 of Ticket #10114
- Timestamp:
- Apr 22, 2011, 11:25:33 PM (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #10114
- Property Status new → closed
- Property Component general → wiki system
- Property Owner set to
- Property Milestone → 0.12.3
- Property Keywords xss ie security added
- Property Resolution → fixed
-
Ticket #10114 – Description
initial v3 1 The html macro does not sanitize behaviour:url in style attributes... 2 so the following 1 3 {{{ 2 The html macro does not sanitize behaviour:url in style attributes...3 so the following4 4 <div style="behavior:url(test.txt)"> 5 could be used to potentially xss a user using IE[0]. 5 }}} 6 could be used to potentially xss a user using IE. 6 7 7 8 The content of text.txt could be something like this: 8 "<SCRIPTLET> <IMPLEMENTS Type="Behavior"></IMPLEMENTS> <SCRIPT Language="javascript">alert(1)</SCRIPT> </SCRIPTLET>" -- Source [0] 9 10 11 12 [0] 13 http://heideri.ch/jso/#52 9 {{{ 10 <SCRIPTLET> 11 <IMPLEMENTS Type="Behavior"></IMPLEMENTS> 12 <SCRIPT Language="javascript">alert(1)</SCRIPT> 13 </SCRIPTLET> 14 14 }}} 15 Source: http://heideri.ch/jso/#52 -
Ticket #10114 – Release Notes
initial v3 1 Fixed a XSS vulnerability on IE.
