Opened 13 years ago
Closed 13 years ago
#10115 closed defect (fixed)
the html sanitizer does not remove / clean -o-link style attribute contents. — at Version 3
| Reported by: | anonymous | Owned by: | Remy Blank |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.3 |
| Component: | wiki system | Version: | |
| Severity: | normal | Keywords: | xss opera security |
| Cc: | Branch: | ||
| Release Notes: |
Fixed a XSS vulnerability on Opera. |
||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
the html sanitizer does not remove / clean -o-link style attribute contents.
e.g. -
"<div style="-o-link:'javascript:alert(1)';-o-link-source:current">X"
- Source http://heideri.ch/jso/#9
Change History (3)
comment:1 by , 13 years ago
comment:2 by , 13 years ago
| Component: | general → wiki system |
|---|---|
| Description: | modified (diff) |
| Keywords: | xss opera added |
| Milestone: | → 0.12.3 |
| Owner: | set to |
comment:3 by , 13 years ago
| Keywords: | security added |
|---|---|
| Release Notes: | modified (diff) |
| Resolution: | → fixed |
| Status: | new → closed |
Verified with Opera 11.01, and fixed in [10680].
Note:
See TracTickets
for help on using tickets.
Erh this can be used against users using the opera browser.