[ https://issues.apache.org/jira/browse/SHINDIG-900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jasvir Nagra updated SHINDIG-900:
---------------------------------

    Attachment: secure-default.patch2

Updated patch:
* added tests for setContent.
* re-added caja end-to-end tests call (not sure why these were turned off)
* added support for static cajoling errors 

> Malformed javascript causes the CajaContentRewriter to append original javascript
> ---------------------------------------------------------------------------------
>
>                 Key: SHINDIG-900
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-900
>             Project: Shindig
>          Issue Type: Bug
>          Components: Java
>            Reporter: Jasvir Nagra
>         Attachments: secure-default.patch, secure-default.patch2
>
>
> The CajaContentRewriter does not remove original content from the gadget 
> before running the cajoler.  As a result, any exceptions in cajoler result in 
> the original content passing through un-rewritten.  This is a security 
> critical error.  
> To reproduce:
> 1. Clean checkout, build and run shindig
> 2. Load a gadget that requires caja but has syntactically incorrect 
> javascript - note the rendered output contains the original javascript.
> <?xml version="1.0" encoding="UTF-8"?>
> <Module>
>  <ModulePrefs title="Caja"> 
>    <Require feature="opensocial-0.7"></Require>
>    <Require feature="caja"></Require>
>    <Require feature="dynamic-height"></Require>
>  </ModulePrefs>
>  <Content type="html">
>    <![CDATA[
>     <script>
>        document.getElementById("attack").style.= ;
>     </script>
>   ]]>
>   </Content>
> </Module>

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
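
The fail-open behaviour described in the issue, next to a fail-closed rewrite step, as an added example that is not Shindig's code and not taken from the attached patch. `Content`, `cajole`, `rewriteFailOpen` and `rewriteFailClosed` are hypothetical names, and the parse check is a constructed stand-in for a real cajoler error.

```java
public class FailClosedRewriteDemo {
    // Hypothetical stand-in for a gadget's mutable content (not Shindig's class).
    static final class Content {
        private String body;
        Content(String body) { this.body = body; }
        String get() { return body; }
        void set(String body) { this.body = body; }
    }
    // Hypothetical cajoler: throws on script it cannot parse.
    static String cajole(String html) {
        if (html.contains(".= ;")) { // constructed check standing in for a parse error
            throw new IllegalArgumentException("syntax error in script");
        }
        return "<!-- cajoled -->" + html;
    }

    // Fail-open: an exception leaves the untrusted original in place to be served.
    static void rewriteFailOpen(Content c) {
        try {
            c.set(cajole(c.get()));
        } catch (RuntimeException e) {
            // swallowed: c still holds the un-rewritten markup
        }
    }

    // Fail-closed: clear first, then write only cajoled output or an escaped error.
    static void rewriteFailClosed(Content c) {
        String original = c.get();
        c.set(""); // secure default: even an uncaught Error leaves nothing to render
        try {
            c.set(cajole(original));
        } catch (RuntimeException e) {
            c.set("<pre>Cajoling failed: " + escape(String.valueOf(e.getMessage())) + "</pre>");
        }
    }

    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    public static void main(String[] args) {
        // Constructed input modelled on the malformed script in the report.
        String gadget = "<script>document.getElementById(\"attack\").style.= ;</script>";
        Content open = new Content(gadget);
        Content closed = new Content(gadget);
        rewriteFailOpen(open);
        rewriteFailClosed(closed);
        System.out.println("fail-open serves original:   " + open.get().equals(gadget));
        System.out.println("fail-closed serves original: " + closed.get().contains("<script>"));
    }
}
```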
