Taulmarill has asked for the wisdom of the Perl Monks concerning the following question:
As I was looking for a nice BBCode2HTML converter I came across the following behavior of the module, which I think is a bug that could be exploited to insert JS.
[color=blue" onmouseover="this.innerHTML = 'XSS']test[/color]
becomes
<span style="color: blue" onmouseover="this.innerHTML = 'XSS'">test</span>
I used the following script to test this behavior:
use strict;
use warnings;
use HTML::BBCode;

# The BBCode sample from above, with the attribute-injection payload.
my $bbcode = q~[color=blue" onmouseover="this.innerHTML = 'XSS']test[/color]~;

# Parser with the restrictive options switched on.
my $bbc = HTML::BBCode->new( {
    no_html    => 1,
    no_jslink  => 1,
    linebreaks => 1,
} );

print $bbc->parse($bbcode);
print "\n";

If I made a mistake or there is a workaround other than disabling the color tag (and maybe other tags, too), please let me know. Also I would like to hear other suggestions for BBCode2HTML converters (doesn't have to be exactly BBCode, could be something similar) that are known to be safe for public websites.
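Added illustration, not part of the post or of HTML::BBCode itself (the regexes and helper names are assumptions of this example): a minimal [color] handler that reproduces the unsafe interpolation from the post and, beside it, a version that accepts only a colour keyword or hex value for the attribute and escapes the enclosed text.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed input, taken from the post above.
my $bbcode = q{[color=blue" onmouseover="this.innerHTML = 'XSS']test[/color]};

# Escape the characters that matter inside an HTML attribute or text node.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Unsafe: the attribute value is dropped into the tag verbatim, so a quote
# in the value closes the style attribute and starts a new one.
sub color_unsafe {
    my ($text) = @_;
    $text =~ s{\[color=([^\]]*)\](.*?)\[/color\]}
              {<span style="color: $1">$2</span>}gs;
    return $text;
}

# Hardened: allow only a CSS colour keyword or #rgb/#rrggbb, drop the tag
# for anything else, and escape the inner text so it cannot carry markup.
sub color_safe {
    my ($text) = @_;
    $text =~ s{\[color=([^\]]*)\](.*?)\[/color\]}
              {
                  my ($c, $inner) = ($1, $2);
                  ($c =~ /\A(?:[a-z]{1,20}|#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6})\z/)
                      ? qq{<span style="color: $c">} . escape_html($inner) . '</span>'
                      : escape_html($inner);
              }gse;
    return $text;
}

print "unsafe: ", color_unsafe($bbcode), "\n";   # reproduces the output in the post
print "safe:   ", color_safe($bbcode), "\n";     # prints just: test
```

The allowlist is the important part: escaping alone would keep a browser-valid but attacker-chosen value in the style attribute, whereas rejecting anything that is not a plain colour removes the injection point entirely.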
Replies are listed 'Best First'.

Re: XSS-Bug in HTML::BBCode
by moritz (Cardinal) on Aug 14, 2007 at 13:39 UTC
    by Taulmarill (Deacon) on Aug 14, 2007 at 13:43 UTC
    by b10m (Vicar) on Aug 14, 2007 at 13:57 UTC
    by Corion (Patriarch) on Aug 14, 2007 at 14:06 UTC
    by clinton (Priest) on Aug 14, 2007 at 14:25 UTC
    by b10m (Vicar) on Aug 14, 2007 at 14:52 UTC
by Taulmarill (Deacon) on Aug 14, 2007 at 14:11 UTC