Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#18552 closed defect (fixed)

Cross-site scripting vulnerability

Reported by: jhelleve Owned by: bill
Priority: undecided Milestone: 1.6.4
Component: Dijit Version: 1.9.3
Keywords: Cc:
Blocked By: Blocking:

Description

Our IBM Rational security scans have flagged the following dojo delivered file for a cross-site scripting vulnerability:

File: dijit\bench\create_widgets.html

Segment:

<body class=tundra>
<script language='javascript'>
document.write("<h2>Currently Creating "+count+" "+className+" instances</h2>");
</script>
...

Attachments (1)

dojo_cross_site_scripting.png (48.3 KB) - added by jhelleve 4 years ago.
Cross site scripting error
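The flagged line concatenates `count` and `className` into markup passed to `document.write`. As an added example (not the Dojo project's code and not the committed fix), and assuming both values are read from the query string, which the ticket does not show, one way to allowlist-validate and HTML-encode them before they reach markup; the parameter names `count` and `class` and all function names are hypothetical:

```javascript
// Added example, not Dojo's code. Assumption: count and className arrive in
// the query string under the hypothetical names "count" and "class".

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Allowlist validation: accept only the exact expected shape of each value.
function parseBenchParams(search) {
  const params = new URLSearchParams(search);
  const rawCount = params.get("count") ?? "";
  const rawClass = params.get("class") ?? "";
  // Patterns are anchored with ^ and $: an unanchored pattern would accept
  // any string that merely contains a valid-looking fragment.
  if (!/^[0-9]{1,5}$/.test(rawCount)) {
    throw new RangeError("count must be 1-5 decimal digits");
  }
  // Dotted identifier such as dijit.form.Button, nothing else.
  if (!/^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/.test(rawClass)) {
    throw new RangeError("class must be a dotted identifier");
  }
  return { count: Number(rawCount), className: rawClass };
}

// Build the heading markup. Values are encoded even though they were
// validated, so loosening a pattern later does not reopen the sink.
function headingHtml({ count, className }) {
  return "<h2>Currently Creating " + escapeHtml(count) + " " +
    escapeHtml(className) + " instances</h2>";
}

// In the browser, a text sink avoids HTML parsing altogether:
//   const h2 = document.createElement("h2");
//   h2.textContent = `Currently Creating ${count} ${className} instances`;

// Constructed sample inputs: one well-formed, one carrying markup.
function demo() {
  const ok = headingHtml(parseBenchParams("?count=50&class=dijit.form.Button"));
  let rejected = false;
  try { parseBenchParams("?count=5&class=%3Cb%3Ex%3C%2Fb%3E"); }
  catch (e) { rejected = e instanceof RangeError; }
  return { ok, rejected };
}
```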


Change History (9)

Changed 4 years ago by jhelleve

Cross site scripting error

comment:1 Changed 4 years ago by bill

Milestone: tbd → 1.6.4
Status: new → assigned

OK, good catch, I'll fix.

comment:2 Changed 4 years ago by bill

FWIW my testing shows there isn't any vulnerability, but I do see a few typos in the regex so I'll fix those.

comment:3 Changed 4 years ago by Bill Keese <bill@…>

Resolution: → fixed
Status: assigned → closed

In c654edee2ef93096a7b8011a9aa1f9df16b9b026/dijit:

Error: Processor CommitTicketReference failed
Unsupported version control system "git": Can't find an appropriate component, maybe the corresponding plugin was not enabled? 

comment:4 Changed 4 years ago by Bill Keese <bill@…>

In da437c6431a0a91e295e249174cf613df7657f4c/dijit:


comment:5 Changed 4 years ago by Bill Keese <bill@…>

In 5036e2fba5674bd48e990a4a7ecd25463588fc7d/dijit:


comment:6 Changed 4 years ago by Bill Keese <bill@…>

In 8bc9c40295fc59ce55d763bc40c7cc85a9c7b822/dijit:


comment:7 Changed 4 years ago by Bill Keese <bill@…>

In 0dbeed846e8e9fb1071e6daf282388e54c1c7d70/dijit:


comment:8 Changed 4 years ago by Bill Keese <bill@…>

In 22e4ce4f601c0d61e42fef8ae91ac15e41c5d126/dijit:
