Bug #33651: closing textarea tag on html element in backend closes the textarea itself.
Status: Closed
Done: 100%
Description
By adding HTML content in the backend (HTML element) that contains "</textarea>", the save will be done.
However, on trying to reload/edit the HTML element in the backend, the "</textarea>" (that is part of the user's/admin's own content) actually closes the textarea of the backend form itself.
The content will be cut off in the backend editor.
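The defect described above, next to the usual fix, as an added PHP example. This is not TYPO3 code and not the changeset referenced later in this ticket; the backend form rendering is reduced to a single textarea, and the field name "bodytext" is a placeholder. It also includes a small check that finds stored records whose content would be cut off by the unescaped form, which is what an administrator would want to run before and after upgrading.

```php
<?php
// Added example, not TYPO3 code: rendering stored HTML-element content into a
// backend <textarea>. renderUnsafe() shows the defect described in this bug,
// renderSafe() the standard fix of HTML-escaping the text node.

declare(strict_types=1);

/**
 * Vulnerable: the stored content is dropped into the textarea verbatim.
 * A literal "</textarea>" inside $content ends the form field early, and
 * everything after it is parsed as markup of the backend page itself.
 */
function renderUnsafe(string $content): string
{
    // "bodytext" is a placeholder field name, not the real form field.
    return '<textarea name="bodytext">' . $content . '</textarea>';
}

/**
 * Fixed: escape <, >, & and the quote characters before emitting the text node.
 * The browser decodes the entities when it builds the textarea's value, so the
 * editor sees the original "</textarea>" as text and the field is not cut off.
 */
function renderSafe(string $content): string
{
    $escaped = htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
    return '<textarea name="bodytext">' . $escaped . '</textarea>';
}

/**
 * Check: returns the keys of stored records whose content would break out of a
 * raw textarea. An HTML parser ends RCDATA (textarea) content at "</textarea"
 * followed by whitespace, "/" or ">", regardless of letter case, so that is
 * exactly what is matched here. Records in this list would have been truncated
 * by a resave through the unfixed form.
 */
function findBreakoutRecords(array $records): array
{
    $hits = [];
    foreach ($records as $uid => $bodytext) {
        if (preg_match('#</textarea(?=[\s/>])#i', $bodytext)) {
            $hits[] = $uid;
        }
    }
    return $hits;
}

// Constructed sample content: the editor's own text contains a closing textarea tag.
$sample = "Contact form:\n<textarea name=\"sld\"></textarea>\n<h1>rest of the editor's content</h1>";

echo renderUnsafe($sample), "\n\n"; // the <h1> ends up outside the textarea
echo renderSafe($sample), "\n";     // &lt;/textarea&gt; stays inside the field

// Constructed sample records keyed by uid; 2 and 3 contain a breakout
// (3 shows that the check is case-insensitive), 1 does not.
print_r(findBreakoutRecords([
    1 => '<p>plain paragraph</p>',
    2 => $sample,
    3 => '<TEXTAREA></TEXTAREA>',
]));
```

The same escaping applies to any server-rendered textarea, not only to TYPO3's HTML element: textarea content is a text node, so the only correct way to put user data into it is entity-encoding, never string concatenation of raw markup.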
Files
Updated by Boris Hinzer over 12 years ago
- File Bildschirmfoto_2012-05-22_um_20.42.51.png Bildschirmfoto_2012-05-22_um_20.42.51.png added
- Assignee set to Helmut Hummel
Same bug still exists in TYPO3 4.7 and is IMHO a major risk. Additionally, the closing </textarea> can be used to manipulate the TYPO3 backend and also include foreign code using iframes. Please take a look at the attached screenshot.
Here goes the code if you want to reproduce this issue:
<form onsubmit="" method="post" action="http://www.web-vision.de/">
<input type="hidden" value="true" name="bulk">
<input type="hidden" value="1" name="register">
<input type="hidden" value="14" name="domain_cat">
Domain: <textarea name="sld"></textarea>
<h1>Now I can manipulate the TYPO3 Backend</h1>
<iframe src="/robots.txt" style="width:200px; height:200px;"></iframe>
<input type="checkbox" value="HERE GOES MY CONTENT"/>
<input type="submit" value="SUBMIT"/>
Also this breaks the frontend output of the website.
Updated by Helmut Hummel over 12 years ago
- Assignee deleted (Helmut Hummel)
Boris Hinzer wrote:
Same bug still exists in TYPO3 4.7 and ist IMHO a major risk.
If you allow someone to use the HTML element, you must trust that person, this bug present or not. I could put arbitrary JavaScript in that element, which is then rendered in the frontend. With that I could also do everything in case a logged-in user visits that page.
So yes, this bug needs to be fixed, but it does not add additional risks to a TYPO3 installation.
Updated by PRISMA Computer about 12 years ago
This bug is very very bad and should be fixed in 4.7. No more HTML with a textarea element is possible. Typo3 saves the right code one time. But it displays a destroyed version. So, if you save again, the HTML code is broken.
We've chosen 4.7 because it's LTS. We should have taken 4.5 from the Ubuntu repos... But here's a hint for everybody having the same problem. Just add the textarea element via the template with a little bit of JavaScript and a <div id="placeholder"></div> container:
page.headerData.31 = TEXT
page.headerData.31.value (
<script type="text/javascript">
// Creates the textarea at runtime, so no literal <textarea> tag has to be
// stored in the HTML content element.
function AddTextArea()
{
    var area = document.createElement('textarea');
    var element = document.getElementById('placeholder').appendChild(area);
    element.setAttribute('name', 'comment');
    element.setAttribute('cols', '40');
    element.setAttribute('rows', '10');
    element.setAttribute('wrap', 'virtual');
}
</script>
)
page.bodyTag = <body onload="AddTextArea();">
Updated by Gerrit Code Review over 11 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/19510
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_6-0 has been pushed to the review server.
It is available at https://review.typo3.org/19582
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/19584
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at https://review.typo3.org/19585
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/19587
Updated by Georg Ringer over 11 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset ceab1f8890185553da5d33cff8c1992c495afc87.