Bug #46434
closed
Epic #55070: Workpackages
Epic #55066: WP: Security enhancements
XSS in content element wizard
0%
Description
set in page tsconfig
mod.wizards.newContentElement.wizardItems.common.elements.text.icon = ">xxxx<h1>xx</h1>EXT:news/ext_icon.gif
Updated by Helmut Hummel over 10 years ago
- Project changed from 1716 to TYPO3 Core
- Category deleted (
OW-A07: Cross Site Scripting)
TS-Config must be admin only. Can be fixed in regular bugfixing workflow
Updated by Ingo Schmitt over 10 years ago
- Parent task set to #55066
- Is Regression set to No
Updated by Gerrit Code Review about 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227
Updated by Gerrit Code Review about 9 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227
Updated by Gerrit Code Review about 9 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227
Updated by Gerrit Code Review over 8 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227
Updated by Gerrit Code Review over 8 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227
Updated by Gerrit Code Review over 8 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227
Updated by Gerrit Code Review over 8 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227
Updated by Gerrit Code Review about 8 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227
Updated by Gerrit Code Review almost 8 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227
Updated by Gerrit Code Review almost 8 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227
Updated by Gerrit Code Review almost 8 years ago
Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227
Updated by Gerrit Code Review almost 8 years ago
Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227
Updated by Riccardo De Contardi almost 7 years ago
I performed a test with 7.6.16 and 8.7.1, and these are my results:
7.6.16¶
I used the code provided, and the path to the icon was encoded, i.e. it became:
<img src="/typo3/">xxxx<h1>xx</h1>EXT:news/ext_icon.gif" width="32" height="32" />
8.7.1¶
I had to to use an iconIdentifier, so I wrote:
$iconRegistry->registerIcon(
'genericicon',
\TYPO3\CMS\Core\Imaging\IconProvider\SvgIconProvider::class,
['source' => $contentElementIconFilePrefix . '"><h1>aaaaaaaaaa</h1>typo3logo.svg']
);
and
mod.wizards.newContentElement.wizardItems.common.elements.text.iconIdentifier = genericicon
and the result was:
<img src="/typo3conf/ext/bhsiteconf/Resources/Public/Icons/ContentElements/"><h1>aaaaaaaaaa</h1>typo3logo.svg" width="32" height="32" />
do you think it is sufficient to consider it closed?
Updated by Riccardo De Contardi almost 7 years ago
- Status changed from Under Review to Closed
I close this as resolved on 7.6.x and 8.7.x (see my previous comment).
If you think that this is the wrong decision or there is still work to do, please reopen it or open a new issue with a reference to this one. Thank you.