Posted to dev@sling.apache.org by "Carl Hall (Updated) (JIRA)" <ji...@apache.org> on 2012/02/25 01:21:53 UTC

[jira] [Updated] (SLING-2427) HtmlRendererServlet allows outputting arbitrary HTML

     [ https://issues.apache.org/jira/browse/SLING-2427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carl Hall updated SLING-2427:
-----------------------------

    Description: 
When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.

To reproduce:
1. Add a node of content
* curl -u admin:admin -F test=true http://localhost:8080/test_node
2. Get the new node in HTML format and append extra data to the URL
* http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>

JIRA will escape the above URL. The unescaped URL is here: http://pastie.org/3451245

  was:
When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.

To reproduce:
1. Add a node of content
* curl -u admin:admin -F test=true http://localhost:8080/test_node
2. Get the new node in HTML format and append extra data to the URL
* http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>

    
> HtmlRendererServlet allows outputting arbitrary HTML
> ----------------------------------------------------
>
>                 Key: SLING-2427
>                 URL: https://issues.apache.org/jira/browse/SLING-2427
>             Project: Sling
>          Issue Type: Bug
>          Components: Servlets
>    Affects Versions: Servlets Get 2.1.2
>            Reporter: Carl Hall
>            Assignee: Carl Hall
>
> When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.
> To reproduce:
> 1. Add a node of content
> * curl -u admin:admin -F test=true http://localhost:8080/test_node
> 2. Get the new node in HTML format and append extra data to the URL
> * http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>
> JIRA will escape the above URL. The unescaped URL is here: http://pastie.org/3451245

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
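As an added illustration for the report above (not Sling's code and not the reporter's), the block below mimics how Sling splits a request path into resource path, selectors, extension and suffix, then contrasts a renderer that writes those request-controlled parts into the page raw with one that HTML-escapes them first. The simplified path split (resource path ends at the first dot) and the `test=true` property row are assumptions; the path is the one from the reproduction steps.

```python
import html
from dataclasses import dataclass, field

# Added illustration for SLING-2427, not Sling's own code: it mimics Sling's
# request-path decomposition and shows the raw vs. escaped rendering of the
# request-controlled parts.

@dataclass
class RequestPathInfo:
    resource_path: str
    selectors: list = field(default_factory=list)
    extension: str = ""
    suffix: str = ""

def parse_request_path(path: str) -> RequestPathInfo:
    """Decompose "/res.sel1.sel2.ext/suffix" Sling-style.
    Simplification (assumption): the resource path ends at the first '.';
    real Sling resolves the resource against the repository instead."""
    dot = path.find(".")
    if dot == -1:
        return RequestPathInfo(resource_path=path)
    rest = path[dot + 1:]                      # "html/<font ...>" for the PoC path
    slash = rest.find("/")
    sel_ext, suffix = (rest, "") if slash == -1 else (rest[:slash], rest[slash:])
    parts = sel_ext.split(".")
    return RequestPathInfo(path[:dot], parts[:-1], parts[-1], suffix)

def render_unsafe(info: RequestPathInfo, props: dict) -> str:
    """Vulnerable pattern: request-derived strings concatenated into HTML."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in props.items())
    return (f"<h1>Resource dumped</h1><p>Path: {info.resource_path}</p>"
            f"<p>Suffix: {info.suffix}</p><table>{rows}</table>")

def render_escaped(info: RequestPathInfo, props: dict) -> str:
    """Hardened form: every untrusted value is HTML-escaped before output."""
    e = html.escape                            # escapes < > & " and '
    rows = "".join(f"<tr><td>{e(k)}</td><td>{e(str(v))}</td></tr>"
                   for k, v in props.items())
    return (f"<h1>Resource dumped</h1><p>Path: {e(info.resource_path)}</p>"
            f"<p>Suffix: {e(info.suffix)}</p><table>{rows}</table>")

# Constructed input: the request path from the issue's reproduction steps.
POC_PATH = ("/test_node.html/<font size='88' color='red'>VOTE SLING</font>"
            "<iframe height=800 width=600 src='http://www.uva.nl' /></iframe>")

if __name__ == "__main__":
    info = parse_request_path(POC_PATH)
    print(info)
    print("unsafe  :", render_unsafe(info, {"test": "true"}))
    print("escaped :", render_escaped(info, {"test": "true"}))
```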