READ-ONLY: This project has been archived. For more information see this post.
Issue 142: Lack of user input filtering resulting in XSS
Status:  Fixed
Owner:  ----
Closed:  Sep 2009


 
Reported by kugutsu...@gmail.com, Sep 1, 2009

What steps will reproduce the problem?
1. Post a jaiku with some JavaScript, e.g. <script>alert()</script>
2. Click on the presence link, e.g.
http://www.jaiku.com/channel/ohgod/presence/8c79c91a0c5e4ad49a4ebcfd44dafe4f
3. JavaScript is executed.

What is the expected output? What do you see instead?

Presence messages should be filtered to prevent cross-site scripting attacks.

What version of the product are you using? On what operating system?
Using jaikuengine trunk and tested on jaiku.com

Please provide any additional information below.


Sep 2, 2009
Project Member #1 jonasnoc...@gmail.com
Upgraded to Priority Critical.
Labels: -Priority-Medium Priority-Critical Security
Sep 2, 2009
Project Member #2 andyster
fixed in r99
Status: Fixed
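
An added example, not part of the original issue thread and not the r99 change: it contrasts unescaped and escaped rendering of a presence message and uses a parser-based check to confirm that no user-supplied markup survives in the output. The template, the function names and the second and third sample strings are assumptions constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical presence-page template (assumption, not jaikuengine's markup).
TEMPLATE = '<div class="presence"><p title="{title}">{body}</p></div>'

def render_unsafe(message):
    # Bug class from the report: user text is interpolated as-is.
    return TEMPLATE.format(title=message, body=message)

def render_body_escape_only(message):
    # Escapes <, > and & but not quotes: enough for text, not for attributes.
    safe = html.escape(message, quote=False)
    return TEMPLATE.format(title=safe, body=safe)

def render_escaped(message):
    # Escape on output; quote=True also covers the quoted attribute context.
    safe = html.escape(message, quote=True)
    return TEMPLATE.format(title=safe, body=safe)

class _Collector(HTMLParser):
    """Records every element and attribute name the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)

def injected_markup(rendered):
    """Return (tags, attrs) found beyond the template's own div/p, class/title."""
    c = _Collector()
    c.feed(rendered)
    c.close()
    return ([t for t in c.tags if t not in ("div", "p")],
            [a for a in c.attrs if a not in ("class", "title")])

# Constructed samples: the report's payload, a benign attribute breakout, plain text.
SAMPLES = ["<script>alert()</script>", 'x" data-x="1', "lunch at 12 & back by 1"]

if __name__ == "__main__":
    for render in (render_unsafe, render_body_escape_only, render_escaped):
        for msg in SAMPLES:
            print(render.__name__, repr(msg), injected_markup(render(msg)))
```

The same `injected_markup` check works as a regression test: any tag or attribute outside the template's own set means user input reached the page as markup.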
