Posted to dev@sling.apache.org by "Carl Hall (Created) (JIRA)" <ji...@apache.org> on 2012/02/25 01:21:48 UTC
[jira] [Created] (SLING-2427) HtmlRendererServlet allows outputting arbitrary HTML
HtmlRendererServlet allows outputting arbitrary HTML
----------------------------------------------------
Key: SLING-2427
URL: https://issues.apache.org/jira/browse/SLING-2427
Project: Sling
Issue Type: Bug
Components: Servlets
Affects Versions: Servlets Get 2.1.2
Reporter: Carl Hall
Assignee: Carl Hall
When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.
To reproduce:
1. Add a node of content
* curl -u admin:admin -F test=true http://localhost:8080/test_node
2. Get the new node in HTML format and append extra data to the URL
* http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
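The report above boils down to one pattern: the request path (including the suffix after ".html/") is concatenated into the HTML response without escaping, so any markup a client puts in the URL is reflected verbatim. The following is an added illustration, not Sling's HtmlRendererServlet code and not the r1293518 fix referenced later in this thread; the class and method names, the simplified page template and the constructed sample path are assumptions made for the example. It shows the unescaped rendering beside the escaped one and a small check a reviewer or test could use to confirm that no tag from the request reaches the page.

```java
// Added illustration for SLING-2427 (not Sling's own code): a resource path
// concatenated into an HTML response without escaping reflects client-supplied
// markup; HTML-escaping the path before emitting it removes the injection.
// The template, class and method names here are assumptions for this example.
public class HtmlRendererEscapingExample {

    /** Minimal HTML escaper for the characters that can break out of text or attributes. */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Vulnerable pattern: the raw resource path is spliced straight into the page body. */
    static String renderUnescaped(String resourcePath) {
        return "<html><body><h1>Resource dumped by HtmlRendererServlet</h1>"
             + "<p>Resource path: <b>" + resourcePath + "</b></p>"
             + "</body></html>";
    }

    /** Hardened pattern: the same template, but the path is escaped before insertion. */
    static String renderEscaped(String resourcePath) {
        return "<html><body><h1>Resource dumped by HtmlRendererServlet</h1>"
             + "<p>Resource path: <b>" + escapeHtml(resourcePath) + "</b></p>"
             + "</body></html>";
    }

    /** Defender-side check: does the rendered page open a tag that the template never emits? */
    static boolean containsInjectedTag(String html, String tagName) {
        return html.toLowerCase().contains("<" + tagName.toLowerCase());
    }

    public static void main(String[] args) {
        // Constructed input modelled on the report: the suffix after ".html/" carries markup.
        String suffix = "/<font size='88' color='red'>VOTE SLING</font>"
                      + "<iframe src='http://example.invalid'></iframe>";
        String resourcePath = "/test_node" + suffix;

        String unsafePage = renderUnescaped(resourcePath);
        String safePage = renderEscaped(resourcePath);

        System.out.println("unescaped page opens an <iframe>: " + containsInjectedTag(unsafePage, "iframe"));
        System.out.println("escaped page opens an <iframe>:   " + containsInjectedTag(safePage, "iframe"));
        System.out.println();
        System.out.println(safePage);
    }
}
```

The escaping is applied at the point where untrusted data enters the HTML context, not earlier; escaping the path on the way in would corrupt resource lookups, while escaping on output keeps the repository path intact and only changes how it is displayed. The containsInjectedTag check is the kind of assertion a regression test for this class of bug can make against the rendered response.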
[jira] [Resolved] (SLING-2427) HtmlRendererServlet allows outputting arbitrary HTML
Posted by "Carl Hall (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carl Hall resolved SLING-2427.
------------------------------
Resolution: Fixed
Fix Version/s: Servlets Get 2.1.4
Fixed in r1293518
> HtmlRendererServlet allows outputting arbitrary HTML
> ----------------------------------------------------
>
> Key: SLING-2427
> URL: https://issues.apache.org/jira/browse/SLING-2427
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Get 2.1.2
> Reporter: Carl Hall
> Assignee: Carl Hall
> Fix For: Servlets Get 2.1.4
>
>
> When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.
> To reproduce:
> 1. Add a node of content
> * curl -u admin:admin -F test=true http://localhost:8080/test_node
> 2. Get the new node in HTML format and append extra data to the URL
> * http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>
> JIRA will escape the above URL. The unescaped URL is here: http://pastie.org/3451245
[jira] [Updated] (SLING-2427) HtmlRendererServlet allows outputting arbitrary HTML
Posted by "Carl Hall (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carl Hall updated SLING-2427:
-----------------------------
Description:
When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.
To reproduce:
1. Add a node of content
* curl -u admin:admin -F test=true http://localhost:8080/test_node
2. Get the new node in HTML format and append extra data to the URL
* http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>
JIRA will escape the above URL. The unescaped URL is here: http://pastie.org/3451245
was:
When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.
To reproduce:
1. Add a node of content
* curl -u admin:admin -F test=true http://localhost:8080/test_node
2. Get the new node in HTML format and append extra data to the URL
* http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>
> HtmlRendererServlet allows outputting arbitrary HTML
> ----------------------------------------------------
>
> Key: SLING-2427
> URL: https://issues.apache.org/jira/browse/SLING-2427
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Get 2.1.2
> Reporter: Carl Hall
> Assignee: Carl Hall
>
> When using HtmlRendererServlet to return content in an HTML format, it is possible to inject arbitrary HTML into the returned page.
> To reproduce:
> 1. Add a node of content
> * curl -u admin:admin -F test=true http://localhost:8080/test_node
> 2. Get the new node in HTML format and append extra data to the URL
> * http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>
> JIRA will escape the above URL. The unescaped URL is here: http://pastie.org/3451245