Bug #24655

closed

Pagetree - qtip can be used to execute custom javascript (XSS)

Added by Stefan Galinski almost 14 years ago. Updated almost 14 years ago.

Status: Closed
Priority: Must have
Category: -
Target version: -
Start date: 2011-01-19
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.5
PHP Version: 5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Problem:
Currently the qtip on page nodes (the yellow popup) that appears on mouse hover can be used to execute custom javascript.

Solution:
Add an htmlspecialchars call to fix that issue.

Note:
The patch was already reviewed by Helmut.

(issue imported from #M17133)


Files

17133_v1.diff (911 Bytes) Administrator Admin, 2011-01-19 01:07

#1

Updated by Steffen Kamper almost 14 years ago

committed to trunk rev 10182
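
The fix named in the issue above, as an added example that is not part of the issue or of the TYPO3 patch: a tooltip builder before and after an htmlspecialchars call. It assumes the qtip string is assembled server-side from page record fields, sent to the tree as JSON, and inserted as HTML by the client; the function names and the sample record are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; hypothetical helper names, not TYPO3 core code.

/** Before the fix: record values are concatenated into the tooltip markup as-is. */
function buildQtipUnsafe(array $page): string
{
    return 'id=' . $page['uid'] . '<br />' . $page['title'];
}

/** Escape one record value for use inside HTML text or a quoted attribute. */
function escapeForQtip($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

/** After the fix: every record value is escaped; only the builder's own <br /> stays markup. */
function buildQtipSafe(array $page): string
{
    return 'id=' . escapeForQtip($page['uid']) . '<br />' . escapeForQtip($page['title']);
}

// Constructed sample record: an editor-controlled page title that contains markup.
$page = ['uid' => 42, 'title' => 'News <img src=x onerror="alert(1)">'];

$variants = [
    'unsafe' => buildQtipUnsafe($page),
    'safe'   => buildQtipSafe($page),
];

foreach ($variants as $label => $qtip) {
    // json_encode() keeps the string a valid JSON value but does not neutralise
    // HTML, so the escaping has to happen before the node is serialised.
    $json    = json_encode(['id' => $page['uid'], 'qtip' => $qtip]);
    $decoded = json_decode($json, true);
    $live    = strpos($decoded['qtip'], '<img') !== false;

    printf("%-6s qtip received by the client: %s\n", $label, $decoded['qtip']);
    printf("       title markup still live: %s\n", $live ? 'yes' : 'no');
}
```

The unsafe variant survives the JSON round trip with the `<img>` tag intact, while the safe variant arrives as `&lt;img ...&gt;` and is displayed as text.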
