[TYPO3-core] RFC: Bug #15289: Element-Browser page tree has HSC'ed <span> elements
Oliver Hader
oliver at typo3.org
Fri Jul 30 15:22:21 CEST 2010
This is an SVN patch request.
Type: Bugfix / Regression-Fix
Bugtracker references:
http://bugs.typo3.org/view.php?id=15289
Branches: TYPO3_4-1, TYPO3_4-2, TYPO3_4-3, TYPO3_4-4, Trunk
Problem:
By using the regular element browser on pages and having pages that
contain a navigation title, the title is escaped twice.
Solution:
By analyzing the source code, we can be sure that the title for regular
pages (not for files and folders) are escaped by htmlspecialchars()
before. Thus, the superfluous HSC go removed. However, this opens
another possibility to introduce XSS with domain names (this is
currently safe due to the possible double HSC).
How to reproduce:
* add a navigation title (nav_title) for a page
* open an element browser (e.g. edit a page record, and select a general
storage folder)
* see the double escaped page title
Notes: I'm kindly asking someone of the TYPO3 Security Team to also have
a look at this issue. Thanks!
olly
--
Oliver Hader
TYPO3 v4 Core Team Leader
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0015289.patch
Type: text/x-patch
Size: 1217 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100730/14807438/attachment.bin>
More information about the TYPO3-team-core
mailing list