#9006 closed defect (fixed)
Exploits in Dojo Toolkit
Reported by: | disturbed_1 | Owned by: | dante |
---|---|---|---|
Priority: | blocker | Milestone: | 1.3.1 |
Component: | Website | Version: | 1.3.0rc2 |
Keywords: | Exploit | Cc: | kriszyp |
Blocked By: | Blocking: |
Description
It many of the Dojo tookit's forms and basically anything where a user can submit text...
for example http://demos.dojotoolkit.org/demos/babelChat/
if you enter simple javascript it will run...
<script>alert('Vuln');</script>
This also means that it not only affects the sites look [By defacement] but also can endanger users [XSS Cookie Stealing]
This is just a heads up to make sure your scripts check characters/modify [Or at least have an option to do so] or else this will discourage users to not use your code....
If you want any more information feel free to contact me...
Change History (4)
comment:1 Changed 12 years ago by
Cc: | kriszyp added |
---|---|
Owner: | changed from Dustin Machi to dante |
comment:2 Changed 12 years ago by
Milestone: | tbd → 1.3.1 |
---|---|
Status: | new → assigned |
these are on the site now, so I'll be upping the demos/ to 1.3.1 asap. backporting the fixes so they make it.
comment:3 Changed 12 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
So to be clear, you didn't find anything like this in dojotoolkit.org/ directly ... (drupal should be covering most of the inputs there) but I agree, babelChat should totally be escaping input too. Will fix that, but I'd love to hear if you know of any other places.
we have a ticket for adding core html-escaping functionality to Dojo, which will be used to sanitize stuff incoming like this.
Thanks for the headsup.