Skip to:
Content

BuddyPress.org

Opened 15 years ago

Closed 15 years ago

#1017 closed defect (bug) (fixed)

wire not filtering input properly

Reported by: djpaul's profile DJPaul Owned by:
Milestone: 1.1 Priority: major
Severity: Version:
Component: Keywords: wire, post, wire post, href, JavaScript, embedded, security, needs-analysis
Cc: Jason_JM

Description

It's possible to get Javascript into the following on any of the Wire elements:

<a href="javascript:window.location.href='www.google.com'">Tsst</a>

Change History (6)

#1 @Jason_JM
15 years ago

  • Keywords wire post href javascript added

You may be able to use the filter 'bp_get_wire_post_content':

pseudo
if (!'javascript:' present in the href via regex) {

replace href = "javascript:window.location.href='<old href>'"

Sound good?

Enhancement,minor, 1.2?

#2 @djpaul
15 years ago

This is an important issue because I could craft a link to potentially execute a harmful JavaScript action (if an admin clicks on it).

#3 @apeatling
15 years ago

kses should be filtering this, I will investigate.

#4 @Jason_JM
15 years ago

  • Keywords JavaScript embedded security needs-analysis added; javascript removed

#5 @Jason_JM
15 years ago

  • Cc Jason_JM added

#6 @apeatling
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

This is fixed in trunk, please reopen if you find it is not for you after updating.

Note: See TracTickets for help on using tickets.