Project

General

Profile

Actions

Bug #46434

closed

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

XSS in content element wizard

Added by Georg Ringer over 11 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2013-03-19
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.1
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

set in page tsconfig

mod.wizards.newContentElement.wizardItems.common.elements.text.icon = ">xxxx<h1>xx</h1>EXT:news/ext_icon.gif


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Task #70816: pages: Add exclude-field-setting for tsconfig_includesClosed2015-10-17

Actions
Actions #1

Updated by Helmut Hummel over 10 years ago

  • Project changed from 1716 to TYPO3 Core
  • Category deleted (OW-A07: Cross Site Scripting)

TS-Config must be admin only. Can be fixed in regular bugfixing workflow

Actions #2

Updated by Ingo Schmitt over 10 years ago

  • Parent task set to #55066
  • Is Regression set to No
Actions #3

Updated by Gerrit Code Review over 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Actions #4

Updated by Gerrit Code Review over 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Actions #5

Updated by Gerrit Code Review over 9 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Actions #6

Updated by Gerrit Code Review almost 9 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Actions #7

Updated by Gerrit Code Review almost 9 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Actions #8

Updated by Gerrit Code Review almost 9 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Actions #9

Updated by Gerrit Code Review almost 9 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36227

Actions #10

Updated by Gerrit Code Review over 8 years ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227

Actions #11

Updated by Gerrit Code Review about 8 years ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227

Actions #12

Updated by Gerrit Code Review about 8 years ago

Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227

Actions #13

Updated by Gerrit Code Review about 8 years ago

Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227

Actions #14

Updated by Gerrit Code Review about 8 years ago

Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/36227

Actions #15

Updated by Riccardo De Contardi about 7 years ago

I performed a test with 7.6.16 and 8.7.1, and these are my results:

7.6.16

I used the code provided, and the path to the icon was encoded, i.e. it became:

<img src="/typo3/&quot;&gt;xxxx&lt;h1&gt;xx&lt;/h1&gt;EXT:news/ext_icon.gif" width="32" height="32" />

8.7.1

I had to to use an iconIdentifier, so I wrote:

$iconRegistry->registerIcon(
    'genericicon',
    \TYPO3\CMS\Core\Imaging\IconProvider\SvgIconProvider::class,
  ['source' => $contentElementIconFilePrefix . '"><h1>aaaaaaaaaa</h1>typo3logo.svg']
);

and

mod.wizards.newContentElement.wizardItems.common.elements.text.iconIdentifier = genericicon

and the result was:

<img src="/typo3conf/ext/bhsiteconf/Resources/Public/Icons/ContentElements/&quot;&gt;&lt;h1&gt;aaaaaaaaaa&lt;/h1&gt;typo3logo.svg" width="32" height="32" />

do you think it is sufficient to consider it closed?

Actions #16

Updated by Riccardo De Contardi about 7 years ago

  • Status changed from Under Review to Closed

I close this as resolved on 7.6.x and 8.7.x (see my previous comment).

If you think that this is the wrong decision or there is still work to do, please reopen it or open a new issue with a reference to this one. Thank you.

Actions

Also available in: Atom PDF