Project

General

Profile

Actions

Bug #22990

closed

imageLinkWrap.JSwindow triggers XSS warning or Fails

Added by Nathan L over 14 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2010-06-24
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

See the documentation on imageLinkWrap in the tsref: http://typo3.org/documentation/document-library/references/doc_core_tsref/4.1.0/view/5/3/.

Follow the example listed for creating a popup image with a javascript style close link and a black background:

1.imageLinkWrap = 1
1.imageLinkWrap {
enable = 1
bodyTag = <BODY bgColor=black>
wrap = <A href="javascript:close();"> | </A>
width = 800m
height = 600
JSwindow = 1
JSwindow.newWindow = 1
JSwindow.expand = 17,20
}

In IE8 it triggers a warning "Internet Explorer has modified this page to help prevent cross-site scripting. Click here for more information..." error. (There isn't really any more information.) It strips the black background and the <a> tag including the call to window.close().

In Safari 5, the link just doesn't do anything. Even though there are no errors.

I think it might be that IE sees the encoded HTML code in the link to index.php?eID=tx_cms_showpic URL that is generated. I realize this is safe because the md5 checksum prevents modified code from being passed, but IE or Safari do not know this.

See: http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
Also, Safari 5 mentions an XSS Auditor: http://support.apple.com/kb/DL1046
It seems like Chrome is talking about adding one too.

It looks like we'll need a new way of implementing this feature. Any ideas?

(issue imported from #M14858)


Files

14858.diff (5.65 KB) 14858.diff Administrator Admin, 2010-06-27 17:03

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #24140: Cross-Site Scripting in showpic functionalityClosedMarcus Krause2010-11-19

Actions
Has duplicate TYPO3 Core - Bug #20868: click-enlarge function for images does not work correctly in IE8ClosedChris topher2009-08-12

Actions
Actions

Also available in: Atom PDF