Description
XMLUtils#escapeXMLComment should also escape {, since it is what the XHTML renderer uses to escape the XML comments that carry metadata; that metadata may contain user-generated content, and such content may be injected in HTML macros. This metadata is only generated in the annotated renderers, and I was unable to trigger it in nested rendering contexts where this could be used to actually close a surrounding HTML macro, so as of now I'm not aware of any security impact. The only place where I'm aware that this was exploitable is the situation described in CKEDITOR-134, but this has been fixed independently.
This is a follow-up of XWIKI-7894.
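The escaping problem described above, as an added illustration that is not XWiki's own XMLUtils code: a small Python model of a comment escaper that backslash-prefixes the characters which are dangerous inside a metadata comment (the escape convention, the function names and the sample metadata comment are all assumptions constructed for this example, not XWiki's actual implementation). It shows that without { in the escaped set, user content inside a startwikilink comment can carry a {{/html}} sequence into the rendered output, and that a simple scan of the rendered HTML can flag such comments.

```python
import re

ESCAPE_CHAR = "\\"

# Characters that must not appear unescaped inside an XML comment that is
# used as rendering metadata (constructed convention for this example):
#   "-"  : "--" is not allowed inside an XML comment and "-->" ends it
#   "{"  : "{{/html}}" could close a surrounding HTML macro when the
#          rendered output is fed back through the wiki parser
#   "\\" : the escape character itself
SPECIAL = frozenset({"-", "{", ESCAPE_CHAR})


def escape_xml_comment(content: str) -> str:
    """Prefix every special character with the escape character."""
    out = []
    for ch in content:
        if ch in SPECIAL:
            out.append(ESCAPE_CHAR)
        out.append(ch)
    return "".join(out)


def unescape_xml_comment(content: str) -> str:
    """Inverse of escape_xml_comment: drop the escape prefix, keep the next char."""
    out = []
    i = 0
    while i < len(content):
        ch = content[i]
        if ch == ESCAPE_CHAR and i + 1 < len(content):
            out.append(content[i + 1])
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def metadata_comment(key: str, value: str) -> str:
    """Build a metadata comment like the annotated renderers emit (hypothetical layout)."""
    return "<!--" + key + ":" + escape_xml_comment(value) + "-->"


def breaks_out(comment_text: str) -> bool:
    """True if raw comment text could terminate the comment or close a macro."""
    return "--" in comment_text or "{{" in comment_text


def find_unsafe_comments(html: str) -> list:
    """Return the text of every XML comment in html that breaks_out()."""
    return [m.group(1) for m in re.finditer(r"<!--(.*?)-->", html, re.S)
            if breaks_out(m.group(1))]


# Constructed sample: a link label chosen by a user, containing wiki macro syntax.
USER_LABEL = "{{/html}}**injected**{{html}}"

# What an unescaped metadata comment would look like in the rendered XHTML.
UNSAFE_HTML = "<!--startwikilink:" + USER_LABEL + "--><a href=\"#\">x</a><!--stopwikilink-->"

# The same output with the comment content escaped.
SAFE_HTML = metadata_comment("startwikilink", USER_LABEL) + "<a href=\"#\">x</a><!--stopwikilink-->"


if __name__ == "__main__":
    print("unsafe comments in UNSAFE_HTML:", find_unsafe_comments(UNSAFE_HTML))
    print("unsafe comments in SAFE_HTML:  ", find_unsafe_comments(SAFE_HTML))
    print("round trip ok:", unescape_xml_comment(escape_xml_comment(USER_LABEL)) == USER_LABEL)
```

Running the block shows the unescaped comment being flagged and the escaped one passing; the same find_unsafe_comments() scan can be pointed at stored rendered output to check whether any metadata comment already contains an unescaped {{ or -- sequence.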