| Title | Arbitrary HTML markup in heading is rendered by TableOfContent plugin |
| Date | 04-May-2006 17:18:25 EEST |
| Version | 2.4.0 |
| Submitter | Jérôme Duprez |
| Bug criticality | BadBug |
| Browser version | Firefox |
| Bug status | ClosedBug |
| PageProvider used | CachingPageProvider |
| Servlet Container | Tomcat 5.5.9 |
| Operating System | Windows XP Pro |
| URL | Sand Box, see also example inline |
| Java version | 1.5.0_06 |
On a Wiki where HTML markup is disallowed, a malicious user might introduce HTML markup all the same using Table Of Contents Plugin. I have checked only with harmless markup (text formatting), but I presume arbitrary HTML code might be rendered, including malicious javascript.
Here is an example (as long as the engine running jspwiki.org will allow it :o):
<I>This heading might be italics but the engine forbids HTML markup so it is not#
<I>This text might be italics but it is not
<SUP>This heading might be superscript, but it is not#
<SUP>This text might be superscript, but it is not
And this is normal text, unnaffected
However if we put a table of contents [{TableOfContents }], the HTML markups in the headings are retained in the TOC text:
And this text appears as italics and superscript.
N.B.: I edited Wiki Markup Development because HTML tags in headings were rendered in its TOC, making the whole page unreadable.
Fixed in 2.4.31.
Add new attachment
- Features
- Download
- Documentation
- Templates
- Plugins
- Provider
- Filters
- Support
- FAQ
- Irc Channel
- Mailing List
- Weblog
- Applications
- Getting Involved
- JSPWIKI Testers
Development
Internet Search