#7846 HTML input validation problem

unreleased
open
nobody
General
nobody
2015-03-05
2015-03-05
No

https://sourceforge.net/p/forge/site-support/9878/

[forge:site-support:#9878]


Hello,
tried to explain a possible XSS Vulnerability within OSS-PHP Projects in the Boards ... well ... my Code "broke" Board-Layout and also some Functionality ... not able to Edit those Entries anymore ...
Maybe some more Input Sanitation would help? :)
URL: https://sourceforge.net/p/opensearchserve/discussion/947147/thread/dbbe183b/
Andreas Schnederle-Wagner


Chatted with Engineering about this and was asked to escalate

Discussion

  • Dave Brondsema - 2015-03-05

    We looked into this some time ago and it is hard to fix. The issue is that Markdown allows some safe HTML tags that can affect layout (table, list items, etc) and if you have incomplete tags (e.g. <li> on its own, iirc) then that can affect the layout of the whole page.

     
  • Dave Brondsema - 2015-03-05
    • summary: Boards - input validation Problem! --> HTML input validation problem
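
The failure described in the first comment above (an incomplete tag such as `<li>` on its own changing the layout of the whole page) can be contained by balancing each post's HTML before it is placed in the page. The following is an added example, not part of the ticket and not the forge's own code; `FragmentBalancer` and `balance` are hypothetical names, and it assumes the fragment has already passed the tag allowlist and that every non-void tag must be closed explicitly.

```python
from html import escape
from html.parser import HTMLParser

VOID = {"br", "hr", "img"}  # elements that never take a closing tag


class FragmentBalancer(HTMLParser):
    """Re-emit one post's HTML so that every tag it opens is closed inside the
    post and none of its closing tags can match an element of the host page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.stack, self.problems = [], [], []

    def handle_starttag(self, tag, attrs):
        self.out.append(self.get_starttag_text())  # keep the tag as the sanitizer left it
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if tag not in self.stack:
            # Nothing in this post opened it, so it would close a page element.
            self.problems.append(f"stray </{tag}>")
            return
        while True:  # close anything still open inside this element first
            top = self.stack.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break
            self.problems.append(f"unclosed <{top}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # parser unescaped it; re-escape


def balance(fragment):
    """Return (balanced_html, problems) for one rendered post body."""
    parser = FragmentBalancer()
    parser.feed(fragment)
    parser.close()
    while parser.stack:  # tags the post never closed
        top = parser.stack.pop()
        parser.problems.append(f"unclosed <{top}>")
        parser.out.append(f"</{top}>")
    return "".join(parser.out), parser.problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the reported thread.
    for sample in ("<li>item", "</div></div><b>bold", "<table><tr><td>x</table>"):
        print(repr(sample), "->", balance(sample))
```

The `problems` list can be logged or shown to the poster, so a post that needed repair is visible to moderators instead of being silently rewritten.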
     
