XWiki Platform / XWIKI-5996

CSRF tokens can sometimes break the HTML and layout

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.0 M2
    • Fix Version/s: 2.7.1, 3.0 M3
    • Component/s: Other
    • Labels: None
    • Tests: Unit
    • Difficulty: Unknown

      Description

      They can contain underscores, and they can sometimes come in pairs, and that is the wiki syntax for underline. If the token happens to be in a block that is supposed to allow wiki syntax, which happens almost always, then the whole HTML gets broken, as in:

      <input name="form_token" type="hidden" value="M5"></input><del>40xQ_xNlw9am5bA9RA" /&gt;</del>
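
The collision described above, as an added example (not XWiki's code and not its actual fix): a simplified two-rule model of the inline wiki syntax applied to a constructed template, a check for tokens containing markup pairs, and a generator restricted to alphanumerics. The token value, the `form_html` template and all function names are assumptions for illustration.

```python
import re
import secrets
import string

# Simplified model of two inline rules from XWiki 2.0 syntax (assumption:
# the real renderer is far more involved; this keeps only the collision).
INLINE_RULES = [
    (re.compile(r"__(.+?)__", re.S), r"<ins>\1</ins>"),  # __underline__
    (re.compile(r"--(.+?)--", re.S), r"<del>\1</del>"),  # --strikethrough--
]
MARKUP_PAIRS = ("__", "--")
SAFE_ALPHABET = string.ascii_letters + string.digits


def render_inline(text):
    """Apply the simplified inline rules, as a wiki-enabled block would."""
    for pattern, replacement in INLINE_RULES:
        text = pattern.sub(replacement, text)
    return text


def collides_with_markup(token):
    """True if the token contains a character pair the parser treats as markup."""
    return any(pair in token for pair in MARKUP_PAIRS)


def new_form_token(length=24):
    """Random token over [A-Za-z0-9] only, about 5.95 bits per character."""
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))


def form_html(token):
    """Constructed template: the same token in a hidden field and in a link."""
    return (
        f'<input name="form_token" type="hidden" value="{token}" />\n'
        f'<a href="/save?form_token={token}">save</a>'
    )


if __name__ == "__main__":
    bad = "Qx7__mZ2kLw9"  # constructed token containing an underscore pair
    print(collides_with_markup(bad))
    print(render_inline(form_html(bad)))   # attribute value is split by <ins>
    good = new_form_token()
    print(render_inline(form_html(good)) == form_html(good))
```
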
      

            People

            Assignee:
            nickless Alex Busenius
            Reporter:
            sdumitriu Sergiu Dumitriu