[JC-1706] XSS in adding external link dialog - JTalks JIRA

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 2.3 Larks
Fix Version/s: 2.4 Larks
Labels:
- xss

Sprint:
2.4 Larks

Description

Steps to reproduce
1. Log in with permissions to edit external links.
2. Go to external links editor
3. Press "Add" button
4. Fill all fields with

<script>alert("Ha")<script>

5. Press "Save" button
IMPORTANT!!
do not close external link popup window unless you have DB access
6. Open JCommune main page in new tab.

Actual result

Window with link editor isn't closed
Layout is broken (see screenshot)
If user adds one more link - there is link with "data-original-title" title in link list.

Expected result
URL should be escaped when the page is rendered so that its symbols are not considered as special.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Layout is broken.jpg
04/Dec/13 12:38 AM
189 kB
Artem R

Issue Links

relates to

JC-1667 Refactor External Links dialog to create Title, Hint, Href inputs

Closed

Structure Settings

Structure

(does not include JC-1706)

Activity

Ascending order - Click to sort in descending order

7 older comments

Hide

Permalink

Stanislav Bashkyrtsev added a comment - 19/Dec/13 1:09 AM

Stanislav Koval, why did you move back to your own custom methods? What was wrong with the existing one?

Show

Stanislav Bashkyrtsev added a comment - 19/Dec/13 1:09 AM Stanislav Koval , why did you move back to your own custom methods? What was wrong with the existing one?

Hide

Permalink

Stanislav Koval added a comment - 19/Dec/13 1:33 AM

method didn/t escape quotes

Show

Stanislav Koval added a comment - 19/Dec/13 1:33 AM method didn/t escape quotes

Hide

Permalink

Stanislav Bashkyrtsev added a comment - 19/Dec/13 9:23 PM

Pavel Vervenko, could you please review?

Show

Stanislav Bashkyrtsev added a comment - 19/Dec/13 9:23 PM Pavel Vervenko , could you please review?

Hide

Permalink

Maksim Reshetov added a comment - 20/Dec/13 5:32 PM

small fix to encode.
task is done

Show

Maksim Reshetov added a comment - 20/Dec/13 5:32 PM small fix to encode. task is done

Hide

Permalink

Artem R added a comment - 22/Dec/13 1:44 PM

Test Environment
JCommune 2.3.1852.4ff5f60, Firefox, Chrome

Test Scenario #1
Steps
1. Go to external links editor and press "Add new link" button
2. Fill all fields with

<script>alert("Ha")<script>

3. Press "Save" button

Actual result = Expected result
All fields are correctly filled, layout displays as expected.

Test Scenario #2
Steps
1. Go to external links editor and press "Add new link" button
2. Fill all fields with

</a></span></span></div>

3. Press "Save" button

Actual result = Expected result
All fields are correctly filled, layout displays as expected.

Regression tests:
Adding correct external links, changing forum configuration works as expected.

Test results:
Issue can be closed

Show

Artem R added a comment - 22/Dec/13 1:44 PM Test Environment JCommune 2.3.1852.4ff5f60, Firefox, Chrome Test Scenario #1 Steps 1. Go to external links editor and press "Add new link" button 2. Fill all fields with <script>alert("Ha")<script> 3. Press "Save" button Actual result = Expected result All fields are correctly filled, layout displays as expected. Test Scenario #2 Steps 1. Go to external links editor and press "Add new link" button 2. Fill all fields with </a></span></span></div> 3. Press "Save" button Actual result = Expected result All fields are correctly filled, layout displays as expected. Regression tests: Adding correct external links, changing forum configuration works as expected. Test results: Issue can be closed

People

Assignee:

Artem R

Reporter:

Artem R

Votes:

1 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

04/Dec/13 12:38 AM

Updated:

22/Dec/13 1:44 PM

Resolved:

19/Dec/13 1:06 AM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Structure Helper Panel