Bug #71698

Link fields accept inline javascript code

Added by Oliver Hader about 4 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2015-11-19
Due date:
% Done:

100%

TYPO3 Version:
6.2
PHP Version:
5.5
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

javascript:alert(1) can be submitted for every link field and will be rendered in the frontend when passed through typolink. To circumvent that, the URI scheme and prefix "javascript:" will be disallowed by default. The extension "javascript_handler", however, allows bringing back that insecure behavior, since some installations might rely on it.

javascript_handler_1.0.0.zip (2.27 KB) Nicole Cordes, 2015-12-15 12:09

Associated revisions

Revision 25a14739 (diff)
Added by Oliver Hader almost 4 years ago

[SECURITY] Link fields accept inline javascript code

JavaScript can be submitted for every link field and will be
rendered in the frontend when passed through typolink. To circumvent
that, the URI scheme and prefix "javascript:" will be disallowed.

The extension "javascript_handler", however, allows bringing back
that insecure behavior, since some installations might rely on it.

Resolves: #71698
Releases: master, 6.2
Security-Commit: c9f5b7ced589c2d58a8c6099e5491923ace2e9a7
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I5a0bcb990686fa1e768974afe561f6b195906552
Reviewed-on: https://review.typo3.org/45265
Reviewed-by: Oliver Hader <>
Tested-by: Oliver Hader <>

Revision de1755a6 (diff)
Added by Oliver Hader almost 4 years ago

[SECURITY] Link fields accept inline javascript code

JavaScript can be submitted for every link field and will be
rendered in the frontend when passed through typolink. To circumvent
that, the URI scheme and prefix "javascript:" will be disallowed.

The extension "javascript_handler", however, allows bringing back
that insecure behavior, since some installations might rely on it.

Resolves: #71698
Releases: master, 6.2
Security-Commit: c854186c419f26a109afaf068149a58ef1745f32
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I7dbed505624718010023cd8192ff7174a6a43fa6
Reviewed-on: https://review.typo3.org/45277
Reviewed-by: Oliver Hader <>
Tested-by: Oliver Hader <>
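The check that the description and the two commit messages above describe, as an added example that is neither TYPO3 core code nor the patch linked in the revisions: a stand-alone PHP helper that decides whether a link-field value would reach the browser as a "javascript:" URI. It goes slightly beyond a literal prefix comparison by first normalising the value the way browsers normalise an href (leading and trailing C0 controls and spaces stripped, tab, LF and CR removed anywhere), so that inputs which slip past a naive check are still caught. The class and method names and the sample inputs are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example, not TYPO3 core code: decide whether a link-field value
 * would be handed to the browser as a "javascript:" URI. The names used
 * here (LinkSchemeCheck, normalize, scheme, isJavascriptUri) are
 * assumptions made for this illustration.
 */
final class LinkSchemeCheck
{
    /**
     * Mimic what a browser does to an href before it parses the scheme:
     * strip leading/trailing C0 controls and spaces, and drop ASCII tab,
     * LF and CR anywhere in the string. Without this step a value such as
     * "\tjavascript:alert(1)" or "java\nscript:alert(1)" passes a plain
     * prefix comparison and is still executed by the browser.
     */
    public static function normalize(string $value): string
    {
        $value = trim($value, "\x00..\x20");
        return str_replace(["\t", "\n", "\r"], '', $value);
    }

    /**
     * Lower-cased URI scheme of the (normalised) value, or null when it has
     * none: relative paths, query strings and TYPO3 page ids such as "42"
     * carry no scheme. Scheme grammar per RFC 3986:
     * ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
     */
    public static function scheme(string $value): ?string
    {
        if (preg_match('/^([A-Za-z][A-Za-z0-9+.\-]*):/', $value, $m) === 1) {
            return strtolower($m[1]);
        }
        return null;
    }

    /** True when the value must be rejected (or routed to javascript_handler). */
    public static function isJavascriptUri(string $value): bool
    {
        return self::scheme(self::normalize($value)) === 'javascript';
    }
}

// Constructed sample inputs for the illustration, paired with the expected verdict.
$samples = [
    ['javascript:alert(1)',              true],  // the case from the report
    ['JavaScript:alert(1)',              true],  // scheme matching is case-insensitive
    ["  \tjavascript:alert(1)",          true],  // leading space/tab stripped by browsers
    ["java\nscript:alert(1)",            true],  // embedded newline removed by browsers
    ['https://example.org/',             false],
    ['42',                               false], // TYPO3 page id, no scheme
    ['mailto:user@example.org',          false],
    ['/index.php?q=javascript:alert(1)', false], // "javascript:" only inside the query
];

foreach ($samples as [$value, $expected]) {
    $verdict = LinkSchemeCheck::isJavascriptUri($value);
    printf("%-40s %-8s %s\n",
        json_encode($value),
        $verdict ? 'REJECT' : 'allow',
        $verdict === $expected ? 'ok' : 'MISMATCH');
}
```

The snippet uses PHP 7.1 syntax (nullable return types, list destructuring in foreach) and is meant to be read and run on its own, not dropped into a 6.2 installation running PHP 5.5. Wherever such a check is placed, it belongs on the output side, where the href is built, and not only in backend form validation: records that predate the check or that were imported never pass through the form, yet typolink still renders them.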

History

#1 Updated by Oliver Hader about 4 years ago

  • File javascript_handler.zip added

#2 Updated by Gerrit Code Review about 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/44803

#3 Updated by Gerrit Code Review about 4 years ago

Patch set 2 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/44803

#4 Updated by Gerrit Code Review about 4 years ago

Patch set 1 for branch TYPO3_6-2 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/44804

#5 Updated by Gerrit Code Review about 4 years ago

Patch set 3 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/44803

#6 Updated by Gerrit Code Review about 4 years ago

Patch set 2 for branch TYPO3_6-2 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/44804

#7 Updated by Georg Ringer about 4 years ago

  • Status changed from Under Review to Resolved

merged in release branch

#8 Updated by Gerrit Code Review about 4 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/44876

#9 Updated by Georg Ringer about 4 years ago

  • Status changed from Under Review to Resolved

merged in release branch

#10 Updated by Gerrit Code Review almost 4 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45265

#11 Updated by Oliver Hader almost 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#12 Updated by Gerrit Code Review almost 4 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45277

#13 Updated by Oliver Hader almost 4 years ago

  • Status changed from Under Review to Resolved

#14 Updated by Nicole Cordes almost 4 years ago

  • File deleted (javascript_handler.zip)

#16 Updated by Helmut Hummel almost 4 years ago

  • Project changed from Core Security to TYPO3 Core
  • Category deleted (OW-A07: Cross Site Scripting)
  • Is Regression set to No

#17 Updated by Benni Mack about 1 year ago

  • Status changed from Resolved to Closed
