Posted to dev@myfaces.apache.org by "Yee-Wah Lee (JIRA)" <de...@myfaces.apache.org> on 2009/03/31 23:30:50 UTC
[jira] Issue Comment Edited: (TRINIDAD-1258) GenericEntry allows invalid locale parameter - XSS vulnerability in LocaleInfoScriptlet
[ https://issues.apache.org/jira/browse/TRINIDAD-1258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12689912#action_12689912 ]
Yee-Wah Lee edited comment on TRINIDAD-1258 at 3/31/09 2:30 PM:
----------------------------------------------------------------
Per Scott: Requests to the resource servlet should have access to a servlet request even in a portlet environment. When running JSF, you'll get the portlet request object, but you should always have a viewRoot. So as long as you check for the view root first, I think you'll be fine.
> GenericEntry allows invalid locale parameter - XSS vulnerability in LocaleInfoScriptlet
> ---------------------------------------------------------------------------------------
>
> Key: TRINIDAD-1258
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1258
> Project: MyFaces Trinidad
> Issue Type: Bug
> Components: Components
> Affects Versions: 1.2.9-core
> Reporter: Yee-Wah Lee
> Assignee: Matthias Weßendorf
> Priority: Critical
> Fix For: 1.0.11-core, 1.2.11-core
>
> Attachments: trin11_1258.diff, trin12_1258.diff, trin12_1258_add.diff
>
>
> 1. Run the inputDate demo
> http://www.irian.at/trinidad-demo/faces/components/inputDate.jspx
> 2. Open the inputDate popup and copy its URL using right click/Properties
> http://www.irian.at/trinidad-demo/faces/__ADFv__?_t=fred&_red=cd&value=1224025200000&loc=en&enc=utf-8
> 3. Modify the URL to replace the loc parameter value with <script>alert(document.cookie)</script>
> http://www.irian.at/trinidad-demo/faces/__ADFv__?_t=fred&_red=cd&value=1224025200000&loc=en%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&enc=utf-8
> 4. Load the modified URL in the browser - an alert popup appears.
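The report above shows a raw `loc` request parameter being echoed into generated script, and the comment suggests resolving the locale from the view root first. The following is an added example written for this page, not Trinidad's own code or its actual fix: it treats the parameter as untrusted, accepts only a strictly shaped locale id with a known ISO 639 language code, and otherwise falls back to a locale the caller trusts (the view root's locale, for which `Locale.US` stands in here). The class and method names are hypothetical.

```java
import java.util.Arrays;
import java.util.Locale;
import java.util.regex.Pattern;

// Added example (not Trinidad's own code): validate a "loc" request parameter
// before anything derived from it is written into generated JavaScript.
public final class LocaleParamValidator {

    // Only language[_COUNTRY[_variant]] in the shape java.util.Locale.toString()
    // emits; angle brackets, quotes, parentheses etc. can never match.
    private static final Pattern LOCALE_ID =
        Pattern.compile("^[a-z]{2}(?:_[A-Z]{2}(?:_[A-Za-z0-9]{1,8})?)?$");

    private LocaleParamValidator() {}

    // Returns a Locale for a well-formed id whose language code is a known
    // ISO 639 code, otherwise the caller's fallback (e.g. the view root's locale).
    public static Locale parse(String loc, Locale fallback) {
        if (loc == null || !LOCALE_ID.matcher(loc).matches()) {
            return fallback;
        }
        String[] parts = loc.split("_", 3);
        if (!Arrays.asList(Locale.getISOLanguages()).contains(parts[0])) {
            return fallback;
        }
        String country = parts.length > 1 ? parts[1] : "";
        String variant = parts.length > 2 ? parts[2] : "";
        return new Locale(parts[0], country, variant);
    }

    // The only value that should reach the generated script: re-serialised from
    // the validated Locale, so the raw parameter text is never written out.
    public static String scriptSafeLocaleId(String loc, Locale fallback) {
        return parse(loc, fallback).toString();
    }

    public static void main(String[] args) {
        Locale fallback = Locale.US; // stand-in for the view root's locale
        // Constructed sample inputs, including the shape of the payload from the report.
        String[] inputs = {
            "en", "en_US", "de_DE_BAVARIAN", "xx", "en_us",
            "en<script>alert(document.cookie)</script>", null
        };
        for (String in : inputs) {
            System.out.printf("%-45s -> %s%n", in, scriptSafeLocaleId(in, fallback));
        }
    }
}
```

Validating to a typed `Locale` and re-serialising it is preferable to escaping the raw string: escaping depends on getting the output context (HTML attribute, script literal, URL) right every time, whereas a value rebuilt from a whitelisted language, country and variant cannot carry markup regardless of where it is later written. Rejected or malformed ids silently fall back rather than erroring, which matches how a locale hint should degrade.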