[TYPO3-core] RFC #17133: Pagetree - qtip can be used to execute custom javascript (XSS)
Stefan Galinski
stefan.galinski at gmail.com
Wed Jan 19 01:08:41 CET 2011
Hi,
This is an SVN patch request
Type: No-Brainer Bugfix
Bugtracker reference: http://bugs.typo3.org/view.php?id=17133
Branches: trunk
Problem:
Currently the qtip on page nodes (the yellow popup) that appears on mouse
hover can be used to execute custom JavaScript.
Solution:
Add an htmlspecialchars call to fix that issue.
Note:
The patch was already reviewed by Helmut.
--
Stefan Galinski
staatl. geprüfter Informatiktechniker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17133_v1.diff
Type: text/x-patch
Size: 912 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110119/1fd32d33/attachment.bin>
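The fix described in this message, sketched as an added example: it is not the contents of 17133_v1.diff and not TYPO3 code. The function names and the page record are hypothetical, and it assumes the tooltip text reaches the browser in a JSON response and is rendered there as HTML.

```php
<?php
// Added illustration; helper names are hypothetical and the record is constructed.

/** Before: editor-controlled fields join the tooltip markup unescaped. */
function buildNodeTooltipUnsafe(array $page): string
{
    return 'id=' . $page['uid'] . '<br />Title: ' . $page['title'];
}

/** After: each value is escaped; only the markup written here stays HTML. */
function buildNodeTooltip(array $page): string
{
    return 'id=' . (int)$page['uid']
        . '<br />Title: ' . htmlspecialchars($page['title'], ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a page title containing markup with an event handler.
$page = ['uid' => 42, 'title' => 'News <img src=x onerror=alert(1)>'];

// json_encode() keeps the response well-formed JSON but does not neutralise
// markup: the decoded string is still parsed as HTML when the tooltip renders.
$unsafe = json_encode(['qtip' => buildNodeTooltipUnsafe($page)]);
$safe   = json_encode(['qtip' => buildNodeTooltip($page)]);

echo $unsafe, PHP_EOL; // title arrives as a live <img> element
echo $safe, PHP_EOL;   // title arrives as &lt;img ... &gt; and displays as text

// Regression check: no tag from the title survives in the escaped tooltip.
if (strpos($safe, '<img') !== false) {
    throw new RuntimeException('tooltip still contains unescaped markup');
}
```

The intentional `<br />` survives in both outputs, which is why the escaping is applied to each field value rather than to the finished tooltip string.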