myexperiment-hackers

From: Danius Michaelides
Subject: Re: [myexperiment-hackers] [2394] trunk/app: Fix for case 98981 - javascript injection in Pack name, reported by Jits.
Date: Wed, 28 Apr 2010 15:02:02 +0100 (BST)
User-agent: Alpine 2.00 (LRH 1167 2008-08-23)

I've just tested this on the services branch and it does still render
the HTML (even though the source has the HTML-encoded text). Does this
mean that any HTML-escaped content in the tooltips will still be
rendered by the browser, thus allowing for any script injection
regardless of it being HTML encoded? Or do we need to double HTML encode
stuff? Or maybe the right thing to do here is use the white_list method
to explicitly get rid of any <script> tags etc.?

In the tooltip case user content ends up being doubly encoded:
- any user content should be HTML encoded
- any HTML used in a tooltip should also be encoded

Could white list things, yes, but I'd say you'd be safer HTML escaping
as well.

Danius
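The double-encoding argument above, as an added Ruby example (not myExperiment's code): it simulates the two browser-side steps a tooltip attribute passes through and shows why a single HTML encoding of the pack name still reaches the tooltip library as raw markup while the doubly encoded form does not. The helper names, the `<b>` tooltip wrapper and the sample pack name are assumptions for the demonstration.

```ruby
require 'erb'
require 'cgi'

# Hypothetical helpers for this example, not myExperiment code.
# A tooltip attribute passes through two browser-side steps:
#   1. the HTML parser decodes entities in the attribute value;
#   2. the tooltip library inserts that decoded value as HTML (innerHTML).
def browser_attribute_decode(attr_value)
  CGI.unescapeHTML(attr_value)
end

# Injection check: after step 1, does the user's raw text (tags included)
# reach step 2 unescaped? If so, the browser parses it as markup.
def raw_user_input_reaches_innerhtml?(attr_value, user_text)
  browser_attribute_decode(attr_value).include?(user_text)
end

# Roughly what the user sees in the tooltip: tags are interpreted,
# remaining entities are shown as text.
def tooltip_display_text(attr_value)
  CGI.unescapeHTML(browser_attribute_decode(attr_value).gsub(/<[^>]*>/, ''))
end

# Single encoding (the original fix): safe in the page body, but inside
# the tooltip attribute the browser undoes the one layer before innerHTML.
def tooltip_attr_single(pack_name)
  ERB::Util.html_escape(pack_name)
end

# Double encoding, as proposed in the thread: the user content is encoded
# once, then the tooltip HTML carrying it is encoded again because it
# sits in an attribute.
def tooltip_attr_double(pack_name)
  tooltip_html = "<b>#{ERB::Util.html_escape(pack_name)}</b>"
  ERB::Util.html_escape(tooltip_html)
end

# Constructed sample pack name for the demonstration, not a real pack.
SAMPLE_NAME = 'Pack <script>probe()</script>'

if __FILE__ == $PROGRAM_NAME
  single = tooltip_attr_single(SAMPLE_NAME)
  double = tooltip_attr_double(SAMPLE_NAME)
  puts "single: injection=#{raw_user_input_reaches_innerhtml?(single, SAMPLE_NAME)}"
  puts "double: injection=#{raw_user_input_reaches_innerhtml?(double, SAMPLE_NAME)}"
  puts "double shows: #{tooltip_display_text(double)}"
end
```

With the double encoding the tooltip still displays the literal pack name, so the extra layer costs nothing visible to the user.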