Details

    • Branch Version/s:
      6.1.x
    • Backported to Branch:
      Committed
    • Fix Priority:
      4

      Description

      Reproduction steps:

      • Deploy AntiSamy Hook
      • Add Wiki Portlet to a page
      • Edit the Front page and choose HTML format
      • Click on Source and add some XSS ("><script>alert('Wiki Page Preview');</script>)
      • Save the page
      • Content has been sanitized OK
      • Edit the page again as previously
      • Click the Preview button

      The alert message is displayed.
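The gap the steps above expose is that the save path is sanitized while the preview path is not. The following is an added example, not Liferay or AntiSamy code and not the committed fix (which this page does not show): a small Python model with a toy allowlist sanitizer and a regression check that names every output path still emitting the script tag. `WikiEditor`, `sanitize`, `unsanitized_paths` and the allowlist are hypothetical names chosen for the illustration.

```python
import html
from html.parser import HTMLParser

# Assumed allowlist policy for this model; not the AntiSamy policy file.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li"}
DROP_WITH_CONTENT = {"script", "style"}

class AllowlistSanitizer(HTMLParser):
    """Toy stand-in for the sanitizer hook: keeps allowlisted tags only."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"<{tag}>")  # every attribute is dropped
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and not self.skip:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))

def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

class WikiEditor:
    """Hypothetical editor with the two output paths from the steps."""
    def __init__(self, sanitize_preview):
        self.sanitize_preview = sanitize_preview
    def save(self, submitted):
        return sanitize(submitted)  # save path: always sanitized
    def preview(self, submitted):
        # Gap from the report: preview echoes the submitted markup as-is.
        return sanitize(submitted) if self.sanitize_preview else submitted

def unsanitized_paths(editor, payload):
    """Regression check: names of output paths that still emit <script>."""
    paths = {"save": editor.save, "preview": editor.preview}
    return [n for n, render in paths.items() if "<script" in render(payload).lower()]

# Payload from the reproduction steps, followed by constructed page text.
PAYLOAD = "\"><script>alert('Wiki Page Preview');</script><p>Front page</p>"
print(unsanitized_paths(WikiEditor(sanitize_preview=False), PAYLOAD))  # ['preview']
print(unsanitized_paths(WikiEditor(sanitize_preview=True), PAYLOAD))   # []
```

Running the same check against every path that renders user-submitted markup (save, preview, diff, export) catches a path that was left out of the sanitizer.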

        Activity

        Kenji Heigel added a comment -

        Committed on:
        Portal 6.1.x EE GIT ID: fa24999015f6ffdb29620838226f2ee20202de9d.
        Portal 6.2.x GIT ID: d10c9eada83ab17611a59d448927820abe60a336.

        Kenji Heigel added a comment -

        PASSED Manual Testing following the steps in the description.

        Reproduced on:
        Tomcat 7.0.27 + MySQL 5. Portal 6.1.x EE GIT ID: f513cc6488dd6bbcbe295e0b7b86f9b1cef47af2.
        Plugins 6.1.x EE GIT ID: 32aab040a271633cd74777a515baa9c93efef0cd.
        Tomcat 7.0.27 + MySQL 5. Portal 6.2.x GIT ID: b8b08350ea430cb0b6a601d1b88a3272436efaad.
        Plugins 6.2.x GIT ID: de5c6d7ccdc0a49f4fb8a7de0c7be4f6eaed80c5.

        With the AntiSamy Hook deployed, the XSS popup appears after clicking preview.

        Fixed on:
        Tomcat 7.0.27 + MySQL 5. Portal 6.1.x EE GIT ID: fa24999015f6ffdb29620838226f2ee20202de9d.
        Plugins 6.1.x EE GIT ID: 32aab040a271633cd74777a515baa9c93efef0cd.
        Tomcat 7.0.27 + MySQL 5. Portal 6.2.x GIT ID: 8dec877554fa4078bf77006b3a8875c55af3cb31.
        Plugins 6.2.x GIT ID: de5c6d7ccdc0a49f4fb8a7de0c7be4f6eaed80c5.

        With the AntiSamy Hook deployed, the XSS popup does not appear upon clicking preview.


          People

          • Assignee:
            Kenji Heigel
            Reporter:
            Tamas Molnar
            Recent user:
            Randy Zhu

            Dates

            • Created:
              Updated:
              Resolved:
              Days since last comment:
              2 years, 28 weeks, 4 days ago
