Opened 3 years ago

Closed 23 months ago

#11593 closed defect (fixed)

Style has not been sanitized

Reported by: uchida_t@… Owned by: mrelbe
Priority: normal Component: WikiExtrasPlugin
Severity: normal Keywords:
Cc: Trac Release:


I input CSS Expression in box.

{{{#!box style="width:expression(alert(1));"


<div class="wikiextras box shadow" style="width:expression(alert(1));"></div>

This can used to attack xss in IE8 or older. Do you sanitize like WikiHtml(#!html)?

Attachments (1)

sanitize-attribute-r13796.diff (2.6 KB) - added by jun66j5 3 years ago.

Download all attachments as: .zip

Change History (3)

Changed 3 years ago by jun66j5

comment:1 Changed 3 years ago by jun66j5

The plugin certainly should sanitize the attributes. Also, #!Color processor has the same issue.

{{{#!Color color=green font-size="expression(alert(1));"

Please try sanitize-attribute-r13796.diff.

comment:2 Changed 23 months ago by mrelbe

  • Resolution set to fixed
  • Status changed from new to closed

In 14315:

WikiExtrasPlugin 1.0dev: Sanitize macro attributes

Patch by Jun Omae, many thanks! Fixes #11593

Add Comment

Modify Ticket

as closed The owner will remain mrelbe.
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.