Arbitrary bytes can be injected into the locator element in a WMS exception:
Ben Caradoc-Davies commented on GEOS-5318:
------------------------------------------
Jukka, which script did you test? The OpenLayers example above or Mats' example, which was like this?:
http://localhost:8080/geoserver/ows?SERVICE=WMS&request=%22%3E%3Ca%20xmlns:a=%27http://www.w3.org/1999/xhtml%27%3E%3Ca:body%20onload=%22alert%28%27xss%27%29%22/%3E%3C/a%3E%3C
(Test link based on one provided by Victor Tey.)
Jukka Rahkonen commented on GEOS-5318:
--------------------------------------
The OpenLayers example after "Here's an example:". That shows only an OpenLayers map, but the other one by Victor Tey indeed shows a text box "xss" with Firefox 31.0.
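
Added example (not part of the thread and not GeoServer's Java code): a Python sketch of an output-encoding check for the locator value, run against the test link quoted above. The report layout, the `code` value and all function names are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit
from xml.etree import ElementTree as ET
from xml.sax.saxutils import quoteattr

# Test link quoted in the thread above.
TEST_URL = ("http://localhost:8080/geoserver/ows?SERVICE=WMS&request="
            "%22%3E%3Ca%20xmlns:a=%27http://www.w3.org/1999/xhtml%27%3E"
            "%3Ca:body%20onload=%22alert%28%27xss%27%29%22/%3E%3C/a%3E%3C")

# Assumed, simplified report layout (not GeoServer's actual template).
TEMPLATE = ('<ServiceExceptionReport><ServiceException code="InvalidRequest" '
            'locator={locator}>unsupported request</ServiceException>'
            '</ServiceExceptionReport>')


def request_param(url):
    """Return the decoded REQUEST parameter as the server would receive it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query["request"][0]


def report_unescaped(locator):
    """The flawed pattern: raw request bytes copied between the quotes."""
    return TEMPLATE.format(locator='"' + locator + '"')


def report_escaped(locator):
    """quoteattr() escapes &, <, > and the quote character it wraps with."""
    return TEMPLATE.format(locator=quoteattr(locator))


def locator_is_inert(document, raw_value):
    """True only if the value survives as attribute data and adds no markup."""
    try:
        root = ET.fromstring(document)
    except ET.ParseError:
        return False  # the injected bytes changed the document's structure
    elements = list(root.iter())
    exc = root.find("ServiceException")
    return (len(elements) == 2 and exc is not None
            and exc.get("locator") == raw_value)
```

The same round-trip check works as a regression test: any value echoed into the exception must parse back as the identical attribute string and leave the element count unchanged.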