Edgewall Software

Opened 8 years ago

Closed 8 years ago

#10115 closed defect (fixed)

The HTML sanitizer does not remove / clean -o-link style attribute contents.

Reported by: anonymous
Owned by: Remy Blank
Priority: normal
Milestone: 0.12.3
Component: wiki system
Version:
Severity: normal
Keywords: xss opera security
Cc:
Branch:
Release Notes:

Fixed an XSS vulnerability on Opera.

API Changes:

Description (last modified by Remy Blank)

The HTML sanitizer does not remove / clean -o-link style attribute contents.

e.g.:

"<div style="-o-link:'javascript:alert(1)';-o-link-source:current">X"
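The payload above works because the javascript: URI is the plain quoted string value of a vendor-prefixed property, not an argument to url(), so a style sanitizer that only inspects url() and expression() tokens passes it through, and Opera honours -o-link as a link target. The Python below is an added example written for this page; it is not Trac's sanitizer and not the change in [10680]. It contrasts that naive check with a hardened one that decodes CSS hex escapes, strips comments and then drops every vendor-prefixed property before checking what remains. The function names and the sample style strings (the first is the ticket's payload) are constructed for illustration.

```python
import re

# Constructed sample inputs. TICKET_PAYLOAD is the style value from this ticket;
# ESCAPED_PAYLOAD is the same property with the leading dash written as a CSS
# hex escape (\2d), a common way to slip past a literal "-o-" check.
TICKET_PAYLOAD = "-o-link:'javascript:alert(1)';-o-link-source:current"
ESCAPED_PAYLOAD = "\\2d o-link:'javascript:alert(1)'"
BENIGN_STYLE = "color: red; background: url(http://example.org/a.png)"

# Assumed allowlist of URI schemes; '' covers relative references.
_SAFE_SCHEMES = frozenset(["", "http", "https", "mailto", "ftp"])
_URL_RE = re.compile(r"url\s*\(\s*['\"]?\s*([^'\")]*)['\"]?\s*\)", re.I)
_EXPRESSION_RE = re.compile(r"expression\s*\(", re.I)
_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
_ESCAPE_RE = re.compile(r"\\([0-9a-f]{1,6})\s?", re.I)


def _scheme(uri):
    """Return the lowercased URI scheme, or '' for a relative reference."""
    m = re.match(r"\s*([a-z][a-z0-9+.-]*):", uri, re.I)
    return m.group(1).lower() if m else ""


def _normalize(text):
    """Decode CSS hex escapes and strip comments before any check runs,
    so an escaped dash cannot hide a vendor prefix from the property test."""
    text = _ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), text)
    return _COMMENT_RE.sub("", text)


def _declarations(text):
    """Yield (property, value) pairs from a style attribute string."""
    for decl in text.split(";"):
        if ":" not in decl:
            continue
        prop, value = decl.split(":", 1)
        yield prop.strip().lower(), value.strip()


def _value_is_evil(value):
    """True if the value carries expression() or a url() with an unsafe scheme."""
    if _EXPRESSION_RE.search(value):
        return True
    return any(_scheme(m.group(1)) not in _SAFE_SCHEMES
               for m in _URL_RE.finditer(value))


def sanitize_css_naive(text):
    """Vulnerable pattern (hypothetical): only url() and expression() are
    inspected. The -o-link value is a bare quoted string, so its javascript:
    URI survives and the declaration is kept."""
    return ["%s: %s" % (prop, value)
            for prop, value in _declarations(text)
            if not _value_is_evil(value)]


def sanitize_css_hardened(text):
    """Hardened variant (hypothetical): normalize first, drop every
    vendor-prefixed property outright, then run the value checks on the rest."""
    kept = []
    for prop, value in _declarations(_normalize(text)):
        if prop.startswith("-"):
            continue
        if _value_is_evil(value):
            continue
        kept.append("%s: %s" % (prop, value))
    return kept


if __name__ == "__main__":
    for style in (TICKET_PAYLOAD, ESCAPED_PAYLOAD, BENIGN_STYLE):
        print(repr(style))
        print("  naive    ->", sanitize_css_naive(style))
        print("  hardened ->", sanitize_css_hardened(style))
```

Dropping the whole vendor-prefixed namespace is the robust choice here: user-supplied wiki content has no legitimate need for -o-*, -moz-* or -webkit-* declarations, and an allowlist of known-safe standard properties is easier to reason about than a denylist of browser-specific ones that can grow with every release.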

Attachments (0)

Change History (3)

comment:1 Changed 8 years ago by db.pub.mail@…

Erh, this can be used against users using the Opera browser.

comment:2 Changed 8 years ago by Remy Blank

Component: general → wiki system
Description: modified (diff)
Keywords: xss opera added
Milestone: 0.12.3
Owner: set to Remy Blank

comment:3 Changed 8 years ago by Remy Blank

Keywords: security added
Release Notes: modified (diff)
Resolution: fixed
Status: new → closed

Verified with Opera 11.01, and fixed in [10680].
