[Typo3-dev] Security Problem - HTML
Robert Lemke
rl at robertlemke.de
Tue Sep 23 16:41:29 CEST 2003
Hi,
it seems like in my installation of TYPO3.6.0dev the problem DOES NOT
occur, the malicious part is just filtered out. But I have to find out
where it's actually filtered.
You see this:
<img src="http://hostname/typo3/gfx/helpbubble.gif"
onload="document.write('<iframe
src="\'http://hostname/test.php?cookie">');">
I think it's because of TYPO3 trying to make the source code XHTML
compliant, note how the IMG tag changed to img!
--
robert