perlquestion
Taulmarill
As I was looking for a nice BBCode2HTML converter I came across the following behavior of the module, which I think is a bug that could be exploited to insert JS.<br/>
<tt>[color=blue" onmouseover="this.innerHTML = 'XSS']test[/color]</tt><br/>
becomes<br/>
<tt><span style="color: blue" onmouseover="this.innerHTML = 'XSS'">test</span></tt><br/>
<br/>
I used the following script to test this behavior:
<code>use strict;
use warnings;
use HTML::BBCode;

# BBCode input whose color value smuggles a closing quote and an event-handler attribute
my $bbcode = q~[color=blue" onmouseover="this.innerHTML = 'XSS']test[/color]~;

my $bbc = HTML::BBCode->new( {
    no_html    => 1,   # strip raw HTML from the input
    no_jslink  => 1,   # disallow javascript: in [url] links
    linebreaks => 1,   # convert newlines to <br />
} );
print $bbc->parse($bbcode);
print "\n";</code>
If I made a mistake or there is a workaround other than disabling the color tag (and maybe other tags, too), please let me know.
Also, I would like to hear other suggestions for BBCode2HTML converters (doesn't have to be exactly BBCode, could be something similar) that are known to be safe for public websites.
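The root cause shown in the post is that the value of <tt>[color=...]</tt> is copied into a <tt>style</tt> attribute without validation or escaping, so a double quote in the value closes the attribute and anything after it becomes a new attribute. The script below is an added example (not HTML::BBCode's code, and not the poster's) of the defensive pattern: validate the color against an allow-list of named colors or a <tt>#rgb</tt>/<tt>#rrggbb</tt> literal, drop the tag when the value does not pass, and HTML-escape every piece of user text before it reaches the output. The function and variable names (<tt>valid_color</tt>, <tt>render_color_bbcode</tt>, <tt>%NAMED_COLOR</tt>) and the sample inputs are constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: render [color=X]text[/color] safely. The allow-list of named
# colors below is an assumption for illustration, not anything the module defines.
my %NAMED_COLOR = map { $_ => 1 }
    qw(black white red green blue yellow orange purple gray grey);

# Escape the characters that can break out of HTML text or a quoted attribute.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Accept only an allow-listed color name or a #rgb / #rrggbb literal.
# A value such as  blue" onmouseover="...  contains a quote and spaces,
# so it fails both checks and is rejected rather than escaped into the style.
sub valid_color {
    my ($c) = @_;
    return 1 if $NAMED_COLOR{ lc $c };
    return 1 if $c =~ /\A#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\z/;
    return 0;
}

# Convert every [color=X]text[/color] pair; all other text is escaped verbatim.
sub render_color_bbcode {
    my ($in) = @_;
    my $out = '';
    pos($in) = 0;
    while ($in =~ /\G(.*?)\[color=([^\]]*)\](.*?)\[\/color\]/gcsi) {
        my ($before, $color, $text) = ($1, $2, $3);
        $out .= escape_html($before);
        if (valid_color($color)) {
            $out .= '<span style="color: ' . escape_html($color) . '">'
                  . escape_html($text) . '</span>';
        }
        else {
            # Invalid color: drop the tag, keep its content as plain escaped text
            $out .= escape_html($text);
        }
    }
    # /c keeps pos() at the last successful match, so append the remaining tail
    $out .= escape_html(substr($in, pos($in) // 0));
    return $out;
}

# Constructed sample inputs: two benign tags and the payload from the post.
my @samples = (
    '[color=blue]test[/color]',
    '[color=#ff0000]test[/color]',
    q~[color=blue" onmouseover="this.innerHTML = 'XSS']test[/color]~,
);
print render_color_bbcode($_), "\n" for @samples;
```

Running it prints <tt>&lt;span style="color: blue"&gt;test&lt;/span&gt;</tt>, the same with <tt>#ff0000</tt>, and plain <tt>test</tt> for the third input, because the injected value never passes <tt>valid_color</tt>. Rejecting on an allow-list is preferable to escaping alone here: escaping would stop the attribute break-out, but the resulting <tt>style</tt> would still carry arbitrary user text into CSS, which is a separate set of problems.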