https://bugzilla.wikimedia.org/show_bug.cgi?id=39735
Web browser: ---
Bug #: 39735
Summary: WLMMobile: HTML injection in HTML templating system
Product: WikiLoves Monuments Mobile
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: General
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Mobile Platform: ---
While testing the long filenames issue, I noticed that the super-long
Belorussian monument name actually contains a literal "<br />" tag.
This is being output unescaped into the app's HTML document, appearing as a
line break. This is an HTML injection vector which is at best fragile and at
worst a security danger.
It looks like the <%= foo %> syntax in the template doesn't do any escaping...
this should be fixed, or else explicit HTML escaping needs to be added to
everything we output.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
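As an added illustration of the problem the report describes (not WLMMobile's own code; the app's real template library is not shown on the page, so the `<%= key %>` substitution below is an assumption about its syntax), this minimal renderer shows the same monument name interpolated raw and HTML-escaped, plus a small check a test suite could use to flag tags that appear in the output but not in the template.

```javascript
// Escape the characters that change meaning in HTML text and attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Render a template: each <%= key %> is replaced with data[key].
// escape=false reproduces the unescaped interpolation reported in the bug;
// escape=true is the fixed behaviour (escape on output).
function render(template, data, escape) {
  return template.replace(/<%=\s*([\w.]+)\s*%>/g, (match, key) => {
    const value = data[key] === undefined ? '' : data[key];
    return escape ? escapeHtml(value) : String(value);
  });
}

// Constructed sample input: a monument name whose stored text contains a
// literal tag, like the long Belorussian entry mentioned in the report.
const monument = { name: 'Very long monument name<br />with a tag inside' };
const template = '<li class="monument"><%= name %></li>';

function renderUnescaped() { return render(template, monument, false); }
function renderEscaped() { return render(template, monument, true); }

// Detection helper: true if the rendered HTML contains any tag that the
// template itself did not contain, i.e. a tag that came from the data.
function containsInjectedTag(html, tmpl) {
  const tagsIn = (s) => s.match(/<[^%][^>]*>/g) || [];
  const allowed = new Set(tagsIn(tmpl));
  return tagsIn(html).some((t) => !allowed.has(t));
}

console.log(renderUnescaped()); // the <br /> from the data becomes markup
console.log(renderEscaped());   // the <br /> is shown as text: &lt;br /&gt;
```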