possible XSS Vulnerability for Listcell

Question

asked 2014-01-13 12:50:50 +0800

salbader
15 ● 5

Hi there, I found a possible XSS Vulnerability for the Listcell component. I entered a String like "</script foo=bar>" for a normal Textboxfield and after saving and refreshing this content will be rendered into a Listcell for the User. Unfortunately there is some vulnerability in the XSS protection function.

The resulting html-code looks like:

<script type="text/javascript">zkmx(
.....
['zul.sel.Listcell','z_hpl_o',{$$onSize:false,label:'EVIL-JS'},[]],
['zul.sel.Listcell','z_hpl_p',{label:'</script foo=bar>'},[]],
['zul.sel.Listcell','z_hpl_q',{label:'helloWorld'},[]],
....); 
</script>

I always though zkoss will now prevent all evil xss-stuff, but unfortunately the resulting page is empty or is really messed up, without any reliable information.

I am using zk5.0.4.1, zcommon5.0.4, zhtml5.0.4....(Unfortunately upgrading to a newer zk version is at this moment not an option!)

Is there something I'm doing wrong? Or is this a known issue??

Please help ASAP. thx

Answer 1

answered 2014-01-14 01:04:17 +0800

noahhuang
74 ● 4

please report bug in http://tracker.zkoss.org/secure/Dashboard.jspa

Answer 2

answered 2014-08-07 11:20:52 +0800

ulysses
12

updated 2014-08-07 11:21:43 +0800

The defect http://tracker.zkoss.org/browse/ZK-2116 is now reopened but no progress is visible/reported... Any chance for fix?

CORE FRAMEWORK

FEATURED COMPONENTS

TOOLS

EXPLORE ZK

RESOURCES

LEARN ZK

RESOURCES

GET HELP

RESOURCES

MORE ABOUT ZK

MORE ABOUT ZK

possible XSS Vulnerability for Listcell

2 Replies

Question tools

Stats

Related questions