Title: Arbitrary HTML markup in heading is rendered by TableOfContent plugin
Date: 04-May-2006 17:18:25 EEST
Version: 2.4.0
Submitter: Jérôme Duprez
Bug criticality: BadBug
Browser version: Firefox
Bug status: ClosedBug
PageProvider used: CachingPageProvider
Servlet Container: Tomcat 5.5.9
Operating System: Windows XP Pro
URL: Sand Box, see also example inline
Java version: 1.5.0_06

On a Wiki where HTML markup is disallowed, a malicious user might introduce HTML markup all the same using Table Of Contents Plugin. I have checked only with harmless markup (text formatting), but I presume arbitrary HTML code might be rendered, including malicious javascript.

Here is an example (as long as the engine running jspwiki.org will allow it :o):

<I>This heading might be italics but the engine forbids HTML markup so it is not#

<I>This text might be italics but it is not

<SUP>This heading might be superscript, but it is not#

<SUP>This text might be superscript, but it is not

And this is normal text, unaffected

However if we put a table of contents [{TableOfContents }], the HTML markups in the headings are retained in the TOC text:

And this text appears as italics and superscript.
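To make the mismatch concrete, here is an added example (not JSPWiki's own code; the heading parser, the anchor scheme and every function name are assumptions for illustration). It models a body renderer that shows HTML literally, a TOC renderer that copies heading text verbatim (the behaviour reported above), a hardened TOC renderer that escapes heading text the same way the body does, and a small check that flags any tag in the TOC output the plugin did not emit itself:

```python
import html
import re

# Constructed sample page in JSPWiki-style markup: "!", "!!", "!!!" mark
# headings. Two of the headings carry raw HTML, mirroring the bug report.
SAMPLE_PAGE = """\
!!! <I>Italic heading</I>
Body text with <B>markup</B> that the engine refuses to render.
!! <SUP>Superscript heading</SUP>
! Plain heading
"""

HEADING_RE = re.compile(r"^(!{1,3})\s*(.*?)\s*$")
TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)")
# Tags the TOC renderer emits itself; anything else in its output is a leak.
TOC_OWN_TAGS = {"ul", "li", "a"}


def parse_headings(page):
    """Return (level, raw_text) pairs; '!!!' is the largest heading level."""
    headings = []
    for line in page.splitlines():
        m = HEADING_RE.match(line)
        if m:
            headings.append((len(m.group(1)), m.group(2)))
    return headings


def anchor_for(text):
    """Hypothetical anchor scheme: keep only [A-Za-z0-9] from the heading text."""
    return "section-" + re.sub(r"[^A-Za-z0-9]", "", text)


def render_body_text(text):
    """Body renderer of a wiki that forbids HTML: tags are shown literally."""
    return html.escape(text, quote=True)


def render_toc_unescaped(page):
    """Models the reported defect: heading text is copied into the TOC verbatim,
    so any HTML inside a heading reaches the browser unescaped."""
    items = [
        f'<li><a href="#{anchor_for(text)}">{text}</a></li>'
        for _level, text in parse_headings(page)
    ]
    return "<ul>" + "".join(items) + "</ul>"


def render_toc_escaped(page):
    """Hardened version: heading text passes through the same escaping as the body."""
    items = [
        f'<li><a href="#{anchor_for(text)}">{render_body_text(text)}</a></li>'
        for _level, text in parse_headings(page)
    ]
    return "<ul>" + "".join(items) + "</ul>"


def leaked_tags(toc_html):
    """Detection check: tag names present in the TOC output that the renderer
    did not emit itself. An empty list means no author-supplied markup leaked."""
    return sorted({t.lower() for t in TAG_RE.findall(toc_html)} - TOC_OWN_TAGS)


if __name__ == "__main__":
    print("vulnerable:", render_toc_unescaped(SAMPLE_PAGE))
    print("leaked    :", leaked_tags(render_toc_unescaped(SAMPLE_PAGE)))
    print("hardened  :", render_toc_escaped(SAMPLE_PAGE))
    print("leaked    :", leaked_tags(render_toc_escaped(SAMPLE_PAGE)))
```

The point of the check is that every renderer which re-emits page text (body, TOC, search snippets, recent-changes summaries) must apply the same escaping policy; a single path that skips it is enough to bypass the "no HTML" rule for the whole page.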

N.B.: I edited Wiki Markup Development because HTML tags in headings were rendered in its TOC, making the whole page unreadable.


Fixed in 2.4.31.

This page (revision-6) was last changed on 05-Aug-2006 14:05 by 82.181.5.170