Bug #75016: Prevent XSS in fluid viewhelpern - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #75016

closed

Prevent XSS in fluid viewhelpern

Added by Nicole Cordes about 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Nicole Cordes

Category:

Fluid

Target version:

8.0

Start date:

2016-03-11

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Stabilization Sprint

Description

There are some viewhelpers which miss to escape incoming variables and cause XSS entry points.

1. Set up a TYPO3 instance with current master
2. Include "fluid_stlyed_content" in root template
3. Create a content element of type "header"
4. Set the header field to "<script>alert('header xss');</script>"
5. Open page in frontend.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #75016

Prevent XSS in fluid viewhelpern

Updated by Gerrit Code Review about 8 years ago

Updated by Gerrit Code Review about 8 years ago

Updated by Gerrit Code Review about 8 years ago

Updated by Gerrit Code Review about 8 years ago

Updated by Markus Klein about 8 years ago

Updated by Nicole Cordes about 8 years ago

Updated by Riccardo De Contardi over 6 years ago