Malformed javascript causes the CajaContentRewriter to append original
javascript
---------------------------------------------------------------------------------
Key: SHINDIG-900
URL: https://issues.apache.org/jira/browse/SHINDIG-900
Project: Shindig
Issue Type: Bug
Components: Gadget Rendering Server (Java)
Reporter: Jasvir Nagra
The CajaContentRewriter does not remove original content from the gadget before
running the cajoler. As a result, any exceptions in cajoler result in the
original content passing through un-rewritten. This is a security critical
error.
To reproduce:
1. Clean checkout, build and run shindig
2. Load a gadget that requires caja but has syntactically incorrect javascript
- note the rendered output contains the original javascript.
<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="Caja">
<Require feature="opensocial-0.7"></Require>
<Require feature="caja"></Require>
<Require feature="dynamic-height"></Require>
</ModulePrefs>
<Content type="html">
<![CDATA[
<script>
document.getElementById("attack").style.= ;
</script>
]]>
</Content>
</Module>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
