Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Blocker
Fix Version/s: 14.6-rc-1
Affects Version/s: Rendering in the platform, 3.1 M1
Component/s: Syntax - annotatedhtml/5.0, Syntax - annotatedxhtml/1.0, Syntax - html/5.0, Syntax - xhtml/1.0 & html/4.01, XML
Labels:

Tests:

Unit
Development Priority:
High
Difficulty:
Hard
Documentation:
N/A
Documentation in Release Notes:
N/A
Pull Request Status:
Pull Request accepted
Similar issues:

Description

To reproduce, just type the following in any document :

[[Click!>>path:javascript:alert('XSS')]].

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

XWiki-9151
5 kB
14/Jun/13 14:26

Issue Links

depends on

XCOMMONS-1680 Filter Html attributes in restricted mode based on a whitelist

Closed

is duplicated by

XWIKI-19141 stored XSS on XWiki

Closed

XWIKI-8593 XSS in images and links using on* parameter.

Closed

XWIKI-4740 Parser should filter (% style="background:url('javascript:badscript') %) because some browsers will execute such script.

Closed

relates to

XWIKI-19514 XSS using a JSX object

Closed

XWIKI-18049 Improve the html escaping mechanism for XSS protection

Closed

links to

GitHub Security advisory

(1 relates to, 2 links to)

Activity

People

Assignee:: Michael Hamann

Reporter:: Thomas Delafosse

Special Allowed Users:: Chenming Xu, Diana

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/May/13 14:59

Updated:: 27/Jun/23 11:14

Resolved:: 01/Jul/22 18:47

Date of First Response:: 30/May/13 9:08 AM