Bug #18562 (closed)

Adding <script> Tag in pagetitle field

Added by Guido S. over 16 years ago. Updated over 14 years ago.

Status: Closed
Priority: Should have
Category: -
Target version: -
Start date: 2008-04-04
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.1
PHP Version: 5.0
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When I add a new page, I just tried to include HTML code in the field "pagetitle". The TYPO3 backend accepts this and the frontend renders this HTML code.

I think HTML is okay, but the <script> tag is maybe too insecure?

I added this code:
<html><script>alert("Test")</script></html>
(issue imported from #M8019)


Files

8019_admPanel_htmlspecialchars.diff (2.15 KB) 8019_admPanel_htmlspecialchars.diff Administrator Admin, 2008-04-04 13:33
#1

Updated by Steffen Kamper over 16 years ago

This is an admin-only function, why should it be insecure?

#2

Updated by Guido S. over 16 years ago

I think in the worst case an editor uses this function to read out some user cookies or something else.

But I think my issue could be deleted :-)

#3

Updated by Steffen Kamper over 16 years ago

Editors are not allowed to edit TS, only admins.

I close this issue.

#4

Updated by Steffen Kamper over 16 years ago

I tested it also and you are right, the JS is executed in the FE, so IMHO there is a missing htmlspecialchars for the FE.

#5

Updated by Guido S. over 16 years ago

Okay.

As advised: Minor :)

#6

Updated by Steffen Kamper over 16 years ago

Once again: the execution is not in the page but in the Admin Panel. Is this the place where you see it as well?

So the page title in <title> goes through htmlspecialchars, in the Admin Panel it does not.

#7

Updated by Guido S. over 16 years ago

I found it in another way. I changed the pagetitle in Admin, and I think all is fine. I found no JS popups in Admin. Where have you found this?

We see the JS popup in the frontend when TYPO3 generates the menu (special = directory).

Edit:
<title> uses htmlspecialchars(), that's right.
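The thread narrows the problem down to output contexts: the `<title>` element escapes the page title, while the Admin Panel and a directory menu print it raw. The following PHP is an added illustration written for this page, not TYPO3 code and not the attached diff; the page record, the helper names and the menu markup are constructed for the example. It renders the reporter's title in the three contexts and flags the ones that emit a raw `<script>` tag, which is the check a reviewer would want before and after applying an htmlspecialchars fix.

```php
<?php
// Added example (not TYPO3 code): one stored value, three output contexts.
// Only the contexts that escape at output time are safe; the check at the
// bottom is a minimal regression test for "does a raw <script> survive?".
declare(strict_types=1);

/** Escape for an HTML text or attribute context (UTF-8, quotes included). */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** <title> element: escaped, as comment #6/#7 confirm for the page itself. */
function renderTitleTag(string $title): string
{
    return '<title>' . escapeHtml($title) . '</title>';
}

/** Menu entry as the reporter observed it (special = directory): unescaped. */
function renderMenuItemUnescaped(string $title, string $href): string
{
    return '<li><a href="' . escapeHtml($href) . '">' . $title . '</a></li>';
}

/** Hardened menu entry: the title is escaped in the text-node context. */
function renderMenuItemEscaped(string $title, string $href): string
{
    return '<li><a href="' . escapeHtml($href) . '">' . escapeHtml($title) . '</a></li>';
}

/** Regression check: a rendered fragment must never contain a raw <script. */
function containsRawScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed page record with the exact title from the report.
$page = [
    'title' => '<html><script>alert("Test")</script></html>',
    'path'  => '/about/',
];

$rendered = [
    'title tag'       => renderTitleTag($page['title']),
    'menu (raw)'      => renderMenuItemUnescaped($page['title'], $page['path']),
    'menu (escaped)'  => renderMenuItemEscaped($page['title'], $page['path']),
];

foreach ($rendered as $context => $html) {
    printf(
        "%-15s raw <script>: %-3s %s\n",
        $context,
        containsRawScriptTag($html) ? 'YES' : 'no',
        $html
    );
}
```

Run it with `php example.php`; only the "menu (raw)" line reports a raw `<script>`. The same `containsRawScriptTag` check applied to the Admin Panel's output would have caught the case the attached `8019_admPanel_htmlspecialchars.diff` addresses. The escaping is done at the output boundary rather than when saving the record, so that the stored title stays intact and each rendering context (text node, attribute, `<title>`) applies the escaping it needs.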

#8

Updated by Christian Kuhn over 15 years ago

Committed to 4.2 by Ingmar on 2008-04-20
