[
https://issues.apache.org/jira/browse/SLING-2427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carl Hall resolved SLING-2427.
------------------------------
Resolution: Fixed
Fix Version/s: Servlets Get 2.1.4
Fixed in r1293518
> HtmlRendererServlet allows outputting arbitrary HTML
> ----------------------------------------------------
>
> Key: SLING-2427
> URL: https://issues.apache.org/jira/browse/SLING-2427
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Get 2.1.2
> Reporter: Carl Hall
> Assignee: Carl Hall
> Fix For: Servlets Get 2.1.4
>
>
> When using HtmlRendererServlet to return content in an HTML format, it is
> possible to inject arbitrary HTML into the returned page.
> To reproduce:
> 1. Add a node of content
> * curl -u admin:admin -F test=true http://localhost:8080/test_node
> 2. Get the new node in HTML format and append extra data to the URL
> * http://localhost:8080/test_node.html/<font size='88' color='red'>VOTE SLING</font><iframe height=800 width=600 src='http://www.uva.nl' /></iframe>
> JIRA will escape the above URL. The unescaped URL is here:
> http://pastie.org/3451245
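An added illustration of the defect class described in the report, not Sling's own code and not the change committed in r1293518: a simplified Sling-style split of the request URL into resource path, selectors, extension and suffix, a constructed stand-in renderer that echoes request-derived strings verbatim, and its escaped counterpart. `split_request_path`, `render_unsafe`, `render_safe`, `reflects_markup` and `SAMPLE_NODE` are all assumptions made for this example; the path split is simplified (Sling picks the longest prefix that resolves to an existing resource, this just splits at the first dot).

```python
import html
from dataclasses import dataclass, field

# Constructed for this example: the node created in step 1 of the report,
# as the renderer would see its properties. Not Sling's data model.
SAMPLE_NODE = {"jcr:primaryType": "nt:unstructured", "test": "true"}

# Request path from step 2 of the report (URL-decoded).
REPORTED_URL_PATH = ("/test_node.html/<font size='88' color='red'>VOTE SLING</font>"
                     "<iframe height=800 width=600 src='http://www.uva.nl' /></iframe>")

@dataclass
class RequestPathInfo:
    resource_path: str
    selectors: list = field(default_factory=list)
    extension: str = ""
    suffix: str = ""

def split_request_path(path: str) -> RequestPathInfo:
    """Simplified Sling-style decomposition of /res.sel1.sel2.ext/suffix.
    Assumption: the first dot ends the resource path (Sling really picks
    the longest prefix that resolves to an existing resource)."""
    dot = path.find(".")
    if dot == -1:
        return RequestPathInfo(path)
    head, slash, tail = path[dot + 1:].partition("/")
    parts = head.split(".")
    return RequestPathInfo(path[:dot], parts[:-1], parts[-1], slash + tail)

def render_unsafe(info: RequestPathInfo, node: dict) -> str:
    """Stand-in for the reported behaviour: request-derived strings are
    concatenated into the HTML body verbatim, so markup carried in the
    URL is interpreted by the browser."""
    rows = "".join(f"<li>{k} = {v}</li>" for k, v in node.items())
    return (f"<html><body><h1>{info.resource_path}</h1>"
            f"<p>suffix: {info.suffix}</p><ul>{rows}</ul></body></html>")

def render_safe(info: RequestPathInfo, node: dict) -> str:
    """Same page, with every untrusted value HTML-escaped at the point it
    is written into markup (html.escape also escapes both quote styles)."""
    e = html.escape
    rows = "".join(f"<li>{e(k)} = {e(str(v))}</li>" for k, v in node.items())
    return (f"<html><body><h1>{e(info.resource_path)}</h1>"
            f"<p>suffix: {e(info.suffix)}</p><ul>{rows}</ul></body></html>")

def reflects_markup(rendered: str, untrusted: str) -> bool:
    """Response-test helper: does the untrusted input reach the output
    with its angle brackets intact?"""
    return "<" in untrusted and untrusted in rendered
```

Running `reflects_markup` against both renderers with `REPORTED_URL_PATH` is the regression check: the unsafe renderer reflects the suffix as live markup, the escaped one returns it as `&lt;font ...` text.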