Opened 5 years ago

Closed 4 years ago

#11593 closed defect (fixed)

Style has not been sanitized

Reported by: uchida_t@…
Owned by: Mikael Relbe
Priority: normal
Component: WikiExtrasPlugin
Severity: normal
Keywords:
Cc:
Trac Release:


I input a CSS expression in a box.

{{{#!box style="width:expression(alert(1));"
}}}

<div class="wikiextras box shadow" style="width:expression(alert(1));"></div>

This can be used for an XSS attack in IE8 or older. Do you sanitize it like WikiHtml (#!html)?

Attachments (1)

sanitize-attribute-r13796.diff (2.6 KB) - added by Jun Omae 5 years ago.


Change History (3)


comment:1 Changed 5 years ago by Jun Omae

The plugin certainly should sanitize the attributes. Also, the #!Color processor has the same issue.

{{{#!Color color=green font-size="expression(alert(1));"
}}}

Please try sanitize-attribute-r13796.diff.
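The two reports above (a raw style attribute on #!box, and macro arguments turned into CSS declarations on #!Color) both come down to the same missing check: never pass user-supplied CSS through to an attribute without filtering script-capable constructs. The following is an added Python example of such a filter, not the plugin's code and not the attached patch; the function names, the blocked-construct list and the inputs are assumptions constructed for illustration. It also undoes the CSS comment and hex-escape tricks that are commonly used to slip a keyword past a naive substring check.

```python
import re

# CSS constructs that can execute script or pull remote content in legacy
# browsers (IE expression()/behavior:, Gecko -moz-binding) or via a
# javascript:/data: URL. Any declaration containing one is dropped whole.
# Assumed list for this example; extend it to match your own threat model.
_UNSAFE_CSS = re.compile(
    r"expression\s*\(|behavior\s*:|-moz-binding\s*:|@import|javascript\s*:"
    r"|url\s*\(\s*['\"]?\s*(?:javascript|vbscript|data)\s*:",
    re.IGNORECASE,
)
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
# \65xpression (hex escape, optional single trailing space) or \e (char escape)
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)")


def _normalize(decl):
    """Canonical form used only for matching: strip comments (expr/**/ession)
    and decode CSS escapes so an obfuscated keyword is seen as plain text."""
    decl = _CSS_COMMENT.sub("", decl)
    return _CSS_ESCAPE.sub(
        lambda m: chr(int(m.group(1), 16)) if m.group(1) else m.group(2), decl)


def sanitize_style(value):
    """Return the style attribute with unsafe declarations removed, or None
    when nothing safe is left (the caller should then omit the attribute).
    Declarations are split on ';', so a quoted ';' inside a value is not
    preserved; that is an accepted limitation of this simple filter."""
    kept = []
    for decl in value.split(";"):
        decl = decl.strip()
        if not decl or ":" not in decl:
            continue
        if _UNSAFE_CSS.search(_normalize(decl)):
            continue  # drop the whole declaration, never try to repair it
        prop, _, val = decl.partition(":")
        kept.append("%s: %s" % (prop.strip().lower(), val.strip()))
    return "; ".join(kept) if kept else None


def style_from_args(args):
    """The #!Color case: macro arguments such as
    color=green font-size="expression(alert(1));" become CSS declarations,
    so they must go through the same filter before reaching an attribute."""
    return sanitize_style("; ".join("%s:%s" % kv for kv in args.items()))
```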

comment:2 Changed 4 years ago by Mikael Relbe

Resolution: fixed
Status: new → closed

In 14315:

WikiExtrasPlugin 1.0dev: Sanitize macro attributes

Patch by Jun Omae, many thanks! Fixes #11593
