Posted to commits@jspwiki.apache.org by br...@apache.org on 2022/03/05 15:13:30 UTC

[jspwiki] branch master updated: 2.11.3-git-01 : Fix for Xss vulnerability on XHRHtml2Markup.jsp.

This is an automated email from the ASF dual-hosted git repository.

brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git


The following commit(s) were added to refs/heads/master by this push:
     new 0a3e775  2.11.3-git-01 : Fix for Xss vulnerability on XHRHtml2Markup.jsp.
0a3e775 is described below

commit 0a3e775ace9bcd34b330919162131377ab5542a3
Author: brushed <di...@gmail.com>
AuthorDate: Sat Mar 5 16:13:19 2022 +0100

    2.11.3-git-01 : Fix for Xss vulnerability on XHRHtml2Markup.jsp.
    
    Adding additional protection against malicious injection of invalid html/xml.
---
 ChangeLog.md                                                      | 8 ++++++++
 jspwiki-api/src/main/java/org/apache/wiki/api/Release.java        | 6 +++---
 .../org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java  | 8 ++++++++
 jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp                    | 2 +-
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/ChangeLog.md b/ChangeLog.md
index 1569198..f710652 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -17,6 +17,14 @@ specific language governing permissions and limitations
 under the License.
 -->
 
+**2022-03-05  Dirk Frederickx (brushed AT apache DOT org)**
+
+* _2.11.3-git-01_
+
+* Fix for Xss vulnerability on XHRHtml2Markup.jsp.  Adding additional protection against
+  malicious injection of invalid html/xml.
+
+
 **2022-02-20  Juan Pablo Santos (juanpablo AT apache DOT org)**
 
 * _2.11.2-git-04_
diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
index c576132..a7d1580 100644
--- a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
+++ b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
@@ -50,7 +50,7 @@ public final class Release {
      *  <p>
      *  If the POSTFIX is empty, it is not added to the version string.
      */
-    private static final String    POSTFIX       = "";
+    private static final String    POSTFIX       = "-git-";
 
     /** The JSPWiki major version. */
     public static final int        VERSION       = 2;
@@ -59,7 +59,7 @@ public final class Release {
     public static final int        REVISION      = 11;
 
     /** The minor revision.  */
-    public static final int        MINORREVISION = 2;
+    public static final int        MINORREVISION = 3;
 
     /** The build number/identifier.  This is a String as opposed to an integer, just so that people can add other identifiers to it.
      * The build number is incremented every time a committer checks in code, and reset when a release is made.
@@ -69,7 +69,7 @@ public final class Release {
      *  <p>
      *  If the build identifier is empty, it is not added.
      */
-    public static final String     BUILD         = "";
+    public static final String     BUILD         = "01";
 
     /**
      *  This is the generic version string you should use when printing out the version.  It is of
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java b/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java
index 7229fd5..6362096 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java
@@ -28,6 +28,7 @@ import org.apache.wiki.util.XmlUtil;
 import org.jdom2.Content;
 import org.jdom2.Element;
 import org.jdom2.JDOMException;
+import org.jdom2.Verifier;
 import org.jdom2.Text;
 import org.jdom2.xpath.XPathFactory;
 
@@ -105,6 +106,13 @@ public class XHtmlElementToWikiTranslator {
             translateText( ( Text ) element );
         } else if( element instanceof Element ) {
             final Element base = ( Element )element;
+            final String n = base.getName().toLowerCase();
+            final String reason = Verifier.checkElementName(n);
+
+            if (reason != null)  return; /* invalid element name */
+
+            if( "script".equals( n ) ) return; /* nono, not a good idea*/
+
             if( "imageplugin".equals( base.getAttributeValue( "class" ) ) ) {
                 translateImage( base );
             } else if( "wikiform".equals( base.getAttributeValue( "class" ) ) ) {
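Review bot: The new script check on the line `if( "script".equals( n ) ) return;` compares against `base.getName().toLowerCase()`, which uses the JVM default locale; under a locale with special casing rules for "I" (e.g. Turkish) an upper-case element name lowercases to a string that no longer equals "script", so the element would pass this guard. A locale-independent comparison avoids that: `final String n = base.getName().toLowerCase( Locale.ROOT );` (needs `java.util.Locale`), or drop the lowercasing for the keyword test and use `if( "script".equalsIgnoreCase( base.getName() ) ) return;`. The `reason` returned by `Verifier.checkElementName` is discarded on the silent `return`; logging it at debug level, e.g. `log.debug( "Dropping element with invalid name {}: {}", n, reason );`, would make rejected input visible to operators without changing behaviour (assuming the class has a logger in scope, which this hunk does not show). Style-wise the two added guards use `if (reason != null)  return;` spacing that differs from the file's `if( ... )` convention on the surrounding lines, and the `import org.jdom2.Verifier;` added in the earlier hunk breaks the alphabetical order of the `org.jdom2` imports. The enclosing method begins and ends outside this hunk.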
diff --git a/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp b/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp
index 6886782..9151931 100644
--- a/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp
+++ b/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp
@@ -39,7 +39,7 @@
 
   if( !wiki.getManager( AuthorizationManager.class ).hasAccess( wikiContext, response ) ) return;
 
-  response.setContentType("text/html; charset="+wiki.getContentEncoding() );
+  response.setContentType("text/plain; charset="+wiki.getContentEncoding() );
   //response.setHeader( "Cache-control", "max-age=0" );
   //response.setDateHeader( "Expires", new Date().getTime() );
   //response.setDateHeader( "Last-Modified", new Date().getTime() );
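Review bot: Switching the response to `text/plain` relies on the browser honouring the declared type; without a nosniff header some user agents may still content-sniff a response that looks like markup, which would undo the protection this change is after. Adding `response.setHeader( "X-Content-Type-Options", "nosniff" );` directly after the `setContentType` line closes that gap (assuming no filter already sets it application-wide, which this hunk does not show). The three commented-out cache-header lines that follow are dead code and could be removed rather than carried along. The enclosing scriptlet continues outside this hunk.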