- **labels**: security, sf-2, sf-current --> security, sf-2
--- ** [tickets:#7947] XSS vulnerability in link rewriting** **Status:** closed **Milestone:** unreleased **Labels:** security sf-2 **Created:** Mon Aug 03, 2015 03:43 PM UTC by Dave Brondsema **Last Updated:** Mon Aug 03, 2015 10:06 PM UTC **Owner:** Dave Brondsema HTML like `[xss](http://";><a onmouseover=prompt(document.domain)>xss</a>)` or like `'[xss](http://";><img src=x onerror=alert(document.cookie)>)'` will end up getting parsed incorrectly and the embedded JS will run. I've isolated this to the `RelativeLinkRewriter` class and how it uses BeautifulSoup doesn't handle the incoming HTML (which is like `<a class="" href='http://";><img src=x onerror=alert(document.cookie)>'>xss</a>` at this point). BeautifulSoup 4 does handle that correctly. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
