  1. PUBLIC - Liferay Social Office Community Edition
  2. SOS-2542

XSS in Profile Introduction can break the Profile Add Tag portlet

    Details

    • Fix Priority:
      4

      Description

      Adding an XSS payload to the Introduction field on a User's Profile causes the Add Tag portlet to display raw JavaScript visibly on the page and ultimately breaks the portlet's functionality.

      Steps to reproduce:

      1. Deploy Social Office
      2. Go to a User's Profile
      3. Add the following to the "Introduction" field:
        <script>alert("Introduction Content");</script>
        
      4. Click on the "Tags" icon
      5. Attempt to add a tag
      6. Check to see if the tag saves

      Expected Results:
      XSS in the Introduction field should not affect the Add Tag portlet. Tags should still be added successfully.

      Actual Results:
      Adding XSS to the Introduction field breaks the Add Tag portlet and causes JavaScript text to appear inside the portlet where it shouldn't.

      See the attached GIF for the steps. When XSS is present in the Profile Introduction, the Add Tag portlet displays the following text:

      ' } Liferay.Portlet.onLoad( { canEditTitle: false, columnPos: 0, isStatic: 'no', namespacedId: 'p_p_id_2_WAR_contactsportlet_INSTANCE_ijkl_', portletId: '2_WAR_contactsportlet_INSTANCE_ijkl', refreshURL: '\x2fc\x2fportal\x2frender_portlet\x3fp_l_id\x3d20750\x26p_p_id\x3d2_WAR_contactsportlet_INSTANCE_ijkl\x26p_p_lifecycle\x3d0\x26p_t_lifecycle\x3d0\x26p_p_state\x3dpop_up\x26p_p_mode\x3dview\x26p_p_col_id\x3dnull\x26p_p_col_pos\x3dnull\x26p_p_col_count\x3dnull\x26p_p_isolated\x3d1\x26currentURL\x3d\x252Fweb\x252Ftest\x252Fso\x252Fprofile\x253Fp_p_id\x253D2_WAR_contactsportlet_INSTANCE_ijkl\x2526p_p_lifecycle\x253D0\x2526p_p_state\x253Dpop_up\x2526p_p_mode\x253Dview\x2526p_p_col_id\x253Dcolumn-3\x2526p_p_col_count\x253D1\x2526_2_WAR_contactsportlet_INSTANCE_ijkl_mvcPath\x253D\x25252Fcontacts_center\x25252Fedit_user_dialogs\x2ejsp\x2526_2_WAR_contactsportlet_INSTANCE_ijkl_curSectionId\x253Dcategorization\x26_2_WAR_contactsportlet_INSTANCE_ijkl_curSectionId\x3dcategorization\x26_2_WAR_contactsportlet_INSTANCE_ijkl_mvcPath\x3d\x252Fcontacts_center\x252Fedit_user_dialogs\x2ejsp' } ); Liferay.provide( Liferay.Portlet, 'refreshLayout', function(portletBound) { if (!portletBound.isStatic) { Liferay.Layout.refresh(portletBound); } }, ['liferay-layout'] ); AUI().use('aui-base', 'liferay-asset-tags-selector', 'liferay-auto-fields', 'liferay-form', 'liferay-menu', 'liferay-notice', 'liferay-poller', 'liferay-session', function(A) {(function() { new Liferay.AssetTagsSelector( { allowSuggestions: true, contentBox: '#_2_WAR_contactsportlet_INSTANCE_ijkl__2_WAR_contactsportlet_INSTANCE_ijkl_zsjoassetTagsSelector', contentCallback: function() { if (window._2_WAR_contactsportlet_INSTANCE_ijkl_getSuggestionsContent) { return _2_WAR_contactsportlet_INSTANCE_ijkl_getSuggestionsContent(); } }, curEntries: 'tag1\x2ctag2\x2ctag3', groupIds: '20201,20195', hiddenInput: '#_2_WAR_contactsportlet_INSTANCE_ijkl_assetTagNames', input: 
'#_2_WAR_contactsportlet_INSTANCE_ijkl_zsjoassetTagNames', instanceVar: '_2_WAR_contactsportlet_INSTANCE_ijkl__2_WAR_contactsportlet_INSTANCE_ijkl_zsjo', portalModelResource: true } ).render(); })();(function() { Liferay.Form.register( { id: '_2_WAR_contactsportlet_INSTANCE_ijkl_dialogForm' , fieldRules: [ ] } ); })();(function() { Liferay.fire('formNavigator:reveal_2_WAR_contactsportlet_INSTANCE_ijkl_categorization'); })();(function() { Liferay.Util.addInputType(); Liferay.Portlet.ready( function(portletId, node) { Liferay.Util.addInputType(node); } ); if (A.UA.mobile) { Liferay.Util.addInputCancel(); } })();(function() { new Liferay.Menu(); var liferayNotices = Liferay.Data.notices; for (var i = 1; i < liferayNotices.length; i++) { new Liferay.Notice(liferayNotices[i]); } Liferay.Poller.init( { encryptedUserId: 'b7YyeZW11ZGFVUEGrCE7cA==', supportsComet: false } ); })();(function() { Liferay.Session = new Liferay.SessionBase( { autoExtend: false, sessionLength: 30, redirectOnExpire: false, redirectUrl: 'http\x3a\x2f\x2flocalhost\x3a8080\x2fweb\x2fguest', warningLength: 1 } ); Liferay.Session.plug(Liferay.SessionDisplay); })();}); // ]]> 
      
