
Re^2: XSS-Bug in HTML::BBCode

by Taulmarill (Deacon)
on Aug 14, 2007 at 14:11 UTC ([id://632501])

in reply to Re: XSS-Bug in HTML::BBCode
in thread XSS-Bug in HTML::BBCode

Lucky for you I had some time to read your source ;-)

I think the main problem is how $attr is handled in sub _do_BB. Basically you should try to filter any content in $attr which is not what you expect. Right now you filter < and >. In addition you should also filter ; and " since ; can begin a new CSS attribute and " can end the CSS altogether and start something new (like I did with onmouseover="").

Maybe it would also be nice to change the behavior from just filtering out all unwanted stuff to changing broken BBCode into text. That would resemble what phpBB actually does.
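
An added example, not part of the post above and not HTML::BBCode's own code: one way to check an attribute against a per-tag allowlist before it reaches a style attribute, and to show anything else as escaped text, as the post suggests. The function names, the color and size tags, the plain-text handling of the tag content and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers for illustration; not the internals of HTML::BBCode.

# Escape the characters that are significant in HTML text and attribute values.
sub escape_html {
    my ($text) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$map{$1}/g;
    return $text;
}

# Per-tag allowlist: the whole attribute must match, so ; and " never get through.
my %attr_ok = (
    color => qr/\A(?:[a-zA-Z]{1,20}|#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6})\z/,
    size  => qr/\A[0-9]{1,2}\z/,
);

# How a validated attribute becomes a CSS declaration.
my %style_for = (
    color => sub { "color:$_[0]" },
    size  => sub { "font-size:$_[0]px" },
);

# Render [tag=attr]content[/tag]; content is treated as plain text here.
sub render_tag {
    my ($tag, $attr, $content) = @_;
    $attr = '' unless defined $attr;
    if (exists $attr_ok{$tag} && $attr =~ $attr_ok{$tag}) {
        return sprintf '<span style="%s">%s</span>',
            $style_for{$tag}->($attr), escape_html($content);
    }
    # Broken or unexpected BBCode is shown as literal, escaped text.
    return escape_html('[' . $tag . '=' . $attr . ']' . $content . '[/' . $tag . ']');
}

# Constructed sample inputs: one valid attribute, then the two cases from the post.
for my $case (
    [ 'color', 'red',                    'hello' ],
    [ 'color', 'red; background:url(x)', 'hello' ],
    [ 'color', 'red" onmouseover="',     'hello' ],
) {
    print render_tag(@$case), "\n";
}
```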