Summary | View HTML attach do not render anything |
Queue | IMP |
Queue Version | Git master |
Type | Bug |
State | Not A Bug |
Priority | 1. Low |
Owners | |
Requester | rui.carneiro (at) portugalmail (dot) net |
Created | 09/16/2009 (5772 days ago) |
Due | |
Updated | 10/09/2009 (5749 days ago) |
Assigned | 09/16/2009 (5772 days ago) |
Resolved | 10/09/2009 (5749 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
because this is the only safe match (end of tag). We can't match [^'"]
because the offending attribute might not be closed with a quote.
New Attachment: xss101.html
easily be dropped into the tests/ directory of the Horde_Text_Filter
package.
I don't understand what your example is supposed to show.
The preg in the previous comment is nowhere near the same as the preg
contained in Xss.php.
'/(=|url\()("?)[^>]*script:/'
With this simplified version I tried 3 different tests and the results
are quite inconsistent.
1- onclick='javascript:console.log("test");' - Works fine.
2- style="background: url('javascript:test()');" - Works fine.
3- Test 1 and 2 on the same element - Does not work.
NOTE: this bug occurs on previous versions of IMP too.
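As an added illustration, not code from this ticket or from the Horde project, the Python script below runs the simplified pattern quoted in the comment above over three constructed elements that mirror the three tests, and reports the exact text each match covers. The developer's comment notes that the real pattern in Xss.php differs from this simplified one, so this only explains the simplified pattern's behaviour. The script assumes Python's `re` reads this pattern the same way PCRE does (true for the constructs it uses: alternation, an optional quote, a negated character class). A lazy variant of the same pattern is included purely to isolate what the greedy `[^>]*` contributes; it is not Horde's code and not a proposed fix.

```python
import re

# Simplified pattern quoted in the ticket (PCRE syntax); Python's re reads it identically.
GREEDY = re.compile(r'(=|url\()("?)[^>]*script:')

# Same pattern with a lazy quantifier. Added here only to show what the greedy
# [^>]* contributes; this is NOT the pattern in Horde's Xss.php and not a fix.
LAZY = re.compile(r'(=|url\()("?)[^>]*?script:')

# Constructed markup mirroring the three tests in the comment above.
SAMPLES = {
    "onclick_only": """<a onclick='javascript:console.log("test");'>x</a>""",
    "style_only": """<div style="background: url('javascript:test()');">x</div>""",
    "both": """<a onclick='javascript:console.log("test");' style="background: url('javascript:test()');">x</a>""",
}


def find_spans(pattern, markup):
    """Return the text of every non-overlapping match of `pattern` in `markup`.

    Whatever replacement a filter applies, this is the text it would operate on,
    so the spans show how much of the element a single match swallows.
    """
    return [m.group(0) for m in pattern.finditer(markup)]


def span_report(markup):
    """Summarise match count and widest match for both patterns on one element."""
    greedy = find_spans(GREEDY, markup)
    lazy = find_spans(LAZY, markup)
    return {
        "greedy_matches": len(greedy),
        "greedy_widest": max((len(s) for s in greedy), default=0),
        "lazy_matches": len(lazy),
        "lazy_widest": max((len(s) for s in lazy), default=0),
    }


if __name__ == "__main__":
    for name, markup in SAMPLES.items():
        print(f"--- {name}")
        print("greedy:", find_spans(GREEDY, markup))
        print("lazy:  ", find_spans(LAZY, markup))
```

On the first two elements both patterns produce a single short match (`='javascript:` and `="background: url('javascript:`). On the element that carries both attributes the greedy pattern produces one match that starts at the `=` of `onclick` and runs through `style="background: url('javascript:`, because `[^>]*` keeps extending until the last `script:` before the closing `>`; any replacement applied to that one match rewrites the boundary between the two attributes rather than each attribute value on its own. The lazy variant yields two separate matches, one per attribute, which is why the combined element behaves differently from each attribute tested alone.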
State ⇒ Feedback
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ View HTML attach do not render anything
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
the attachment is an HTML file.
The problem might be in the regex that removes
"attribute="javascript:foo()". When this preg is commented out, all works
fine.