[ https://issues.apache.org/jira/browse/TRINIDAD-1258?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12689824#action_12689824 ]
Matthias Weßendorf commented on TRINIDAD-1258:
----------------------------------------------

+ ServletRequest req = (ServletRequest)
+ fc.getExternalContext().getRequest();

what about the portlet scenario?

> GenericEntry allows invalid locale parameter - XSS vulnerability in
> LocaleInfoScriptlet
> ---------------------------------------------------------------------------------------
>
>                 Key: TRINIDAD-1258
>                 URL: https://issues.apache.org/jira/browse/TRINIDAD-1258
>             Project: MyFaces Trinidad
>          Issue Type: Bug
>          Components: Components
>    Affects Versions: 1.2.9-core
>            Reporter: Yee-Wah Lee
>            Assignee: Matthias Weßendorf
>            Priority: Critical
>             Fix For: 1.0.11-core, 1.2.11-core
>
>         Attachments: trin11_1258.diff, trin12_1258.diff, trin12_1258_add.diff
>
>
> 1. Run the inputDate demo
> http://www.irian.at/trinidad-demo/faces/components/inputDate.jspx
> 2. Open the inputDate popup and copy its URL using right click/Properties
> http://www.irian.at/trinidad-demo/faces/__ADFv__?_t=fred&_red=cd&value=1224025200000&loc=en&enc=utf-8
> 3. Modify the URL to replace the loc parameter value with
> <script>alert(document.cookie)</script>
> http://www.irian.at/trinidad-demo/faces/__ADFv__?_t=fred&_red=cd&value=1224025200000&loc=en%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&enc=utf-8
> 4. Load the modified URL in the browser - an alert popup appears.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
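Review bot: the cast `(ServletRequest) fc.getExternalContext().getRequest()` in the quoted lines assumes a servlet container; under a portlet bridge ExternalContext.getRequest() returns a PortletRequest and the cast fails with ClassCastException, which is exactly the portlet scenario the comment asks about. Reading the `loc` value through `fc.getExternalContext().getRequestParameterMap()` avoids the container-specific cast and works in both environments, so the patch should use that instead of casting the request.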
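For readers following the report above, here is a defensive illustration of the two controls the bug calls for: an added example that is not Trinidad's own code, built around a hypothetical LocaleParamValidator helper. It accepts the loc parameter only when it matches a known JVM locale, and encodes anything that is still echoed into generated script.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;

/** Hypothetical helper (not part of Trinidad): validates the "loc" request parameter. */
public final class LocaleParamValidator {
    // Shape of Locale.toString() output for language + optional country + optional variant.
    // Anything else (angle brackets, quotes, "#Latn" script suffixes on newer JDKs) is rejected.
    private static final Pattern SHAPE =
        Pattern.compile("[a-zA-Z]{2,3}(_[a-zA-Z]{2}(_[a-zA-Z0-9]{1,8})?)?");

    // Whitelist: the locales this JVM actually knows, keyed by their toString() form.
    private static final Map<String, Locale> KNOWN = new HashMap<String, Locale>();
    static {
        for (Locale l : Locale.getAvailableLocales()) {
            KNOWN.put(l.toString(), l);
        }
    }

    /** Returns the matching known Locale, or fallback when loc is absent or not whitelisted. */
    public static Locale parse(String loc, Locale fallback) {
        if (loc == null || !SHAPE.matcher(loc).matches()) {
            return fallback;
        }
        Locale known = KNOWN.get(loc);
        return known == null ? fallback : known;
    }

    /** Encodes s for use inside a JavaScript string literal; every non-alphanumeric char becomes \\uXXXX. */
    public static String jsStringLiteral(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if ((c < 128 && Character.isLetterOrDigit(c)) || c == '_' || c == '-' || c == ' ') {
                sb.append(c);
            } else {
                sb.append(String.format("\\u%04x", (int) c));
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input: the payload shape from the report, decoded from the URL.
        String tampered = "en<script>alert(document.cookie)</script>";
        System.out.println("valid   -> " + parse("en", Locale.US));
        System.out.println("tampered-> " + parse(tampered, Locale.US));
        System.out.println("encoded -> \"" + jsStringLiteral(tampered) + "\"");
    }
}
```

The tampered value fails the shape check before any lookup, so the page falls back to a known locale; the encoder is the second layer for any parameter that must still reach client-side script.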