Posted to commits@jspwiki.apache.org by br...@apache.org on 2022/03/05 15:13:30 UTC
[jspwiki] branch master updated: 2.11.3-git-01 : Fix for Xss vulnerability on XHRHtml2Markup.jsp.
This is an automated email from the ASF dual-hosted git repository.
brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
The following commit(s) were added to refs/heads/master by this push:
new 0a3e775 2.11.3-git-01 : Fix for Xss vulnerability on XHRHtml2Markup.jsp.
0a3e775 is described below
commit 0a3e775ace9bcd34b330919162131377ab5542a3
Author: brushed <di...@gmail.com>
AuthorDate: Sat Mar 5 16:13:19 2022 +0100
2.11.3-git-01 : Fix for Xss vulnerability on XHRHtml2Markup.jsp.
Adding additional protection against malicious injection of invalid html/xml.
---
ChangeLog.md | 8 ++++++++
jspwiki-api/src/main/java/org/apache/wiki/api/Release.java | 6 +++---
.../org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java | 8 ++++++++
jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp | 2 +-
4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 1569198..f710652 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -17,6 +17,14 @@ specific language governing permissions and limitations
under the License.
-->
+**2022-03-05 Dirk Frederickx (brushed AT apache DOT org)**
+
+* _2.11.3-git-01_
+
+* Fix for Xss vulnerability on XHRHtml2Markup.jsp. Adding additional protection against
+ malicious injection of invalid html/xml.
+
+
**2022-02-20 Juan Pablo Santos (juanpablo AT apache DOT org)**
* _2.11.2-git-04_
diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
index c576132..a7d1580 100644
--- a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
+++ b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
@@ -50,7 +50,7 @@ public final class Release {
* <p>
* If the POSTFIX is empty, it is not added to the version string.
*/
- private static final String POSTFIX = "";
+ private static final String POSTFIX = "-git-";
/** The JSPWiki major version. */
public static final int VERSION = 2;
@@ -59,7 +59,7 @@ public final class Release {
public static final int REVISION = 11;
/** The minor revision. */
- public static final int MINORREVISION = 2;
+ public static final int MINORREVISION = 3;
/** The build number/identifier. This is a String as opposed to an integer, just so that people can add other identifiers to it.
* The build number is incremented every time a committer checks in code, and reset when a release is made.
@@ -69,7 +69,7 @@ public final class Release {
* <p>
* If the build identifier is empty, it is not added.
*/
- public static final String BUILD = "";
+ public static final String BUILD = "01";
/**
* This is the generic version string you should use when printing out the version. It is of
diff --git a/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java b/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java
index 7229fd5..6362096 100644
--- a/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java
+++ b/jspwiki-main/src/main/java/org/apache/wiki/htmltowiki/XHtmlElementToWikiTranslator.java
@@ -28,6 +28,7 @@ import org.apache.wiki.util.XmlUtil;
import org.jdom2.Content;
import org.jdom2.Element;
import org.jdom2.JDOMException;
+import org.jdom2.Verifier;
import org.jdom2.Text;
import org.jdom2.xpath.XPathFactory;
@@ -105,6 +106,13 @@ public class XHtmlElementToWikiTranslator {
translateText( ( Text ) element );
} else if( element instanceof Element ) {
final Element base = ( Element )element;
+ final String n = base.getName().toLowerCase();
+ final String reason = Verifier.checkElementName(n);
+
+ if (reason != null) return; /* invalid element name */
+
+ if( "script".equals( n ) ) return; /* nono, not a good idea*/
+
if( "imageplugin".equals( base.getAttributeValue( "class" ) ) ) {
translateImage( base );
} else if( "wikiform".equals( base.getAttributeValue( "class" ) ) ) {
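Review bot: `base.getName().toLowerCase()` on the first added line uses the JVM default locale, so the `"script".equals( n )` guard a few lines below depends on the locale the server runs under (in a Turkish locale an upper-case `I` lower-cases to a dotless ı and the comparison misses); use `base.getName().toLowerCase( Locale.ROOT )` and add `import java.util.Locale;`. The two early `return`s silently drop the element together with its whole subtree, including any text it contains, so a debug-level log of the rejected name (or at least a comment stating that dropping the subtree is intended) would help when a page round-trip loses content. A denylist holding a single element name is also easy to outgrow; an allowlist of the element names this translator actually handles would be the more robust shape, though that is a larger change than this fix. The braceless `if (reason != null) return;` and `if( "script".equals( n ) ) return;` differ from the file's `if( ... ) {` style seen on the surrounding lines. The enclosing translate method begins and ends outside the hunk.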
diff --git a/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp b/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp
index 6886782..9151931 100644
--- a/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp
+++ b/jspwiki-war/src/main/webapp/XHRHtml2Markup.jsp
@@ -39,7 +39,7 @@
if( !wiki.getManager( AuthorizationManager.class ).hasAccess( wikiContext, response ) ) return;
- response.setContentType("text/html; charset="+wiki.getContentEncoding() );
+ response.setContentType("text/plain; charset="+wiki.getContentEncoding() );
//response.setHeader( "Cache-control", "max-age=0" );
//response.setDateHeader( "Expires", new Date().getTime() );
//response.setDateHeader( "Last-Modified", new Date().getTime() );