#8 Security: [img] tags emit raw text for invalid URLs

closed-fixed
phantom-inker
Bug fix (25)
9
2009-06-21
2009-06-21
phantom-inker
No

[img] tags, when they find a URL that's not valid, are supposed to emit a plaintext version of the original contents. They do this, but they fail to encode the HTML, so that it's possible to inject raw HTML into the output via [img] tags. This allows XSS, redirection, and other cookie-stealing attacks against end-users.
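The failure mode reported above, shown as an added example that is not the project's own code: a minimal `[img]` renderer whose invalid-URL fallback either emits the original text raw or HTML-encodes it first. The function names, the URL validity rule, and the choice to echo the whole tag in the fallback are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def is_valid_image_url(url):
    """Assumed rule: absolute http(s) URL with a host, no markup or whitespace."""
    if re.search(r"[\s<>\"']", url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. an unbalanced '[' in the host part
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_img(match, encode_fallback):
    content = match.group(1)
    if is_valid_image_url(content):
        return '<img src="%s" alt="">' % html.escape(content, quote=True)
    original = match.group(0)
    # Invalid URL: fall back to showing the original text. Without encoding,
    # whatever markup the user typed reaches the page as live HTML.
    return html.escape(original, quote=True) if encode_fallback else original


def render(text, encode_fallback=True):
    """Render [img] tags; all text outside the tags is always HTML-encoded."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        out.append(render_img(m, encode_fallback))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


# Constructed sample input: one valid image URL, one tag whose body is markup.
SAMPLE = "Hi [img]https://example.com/a.png[/img] and [img]<b>not a url</b>[/img]"

if __name__ == "__main__":
    print("raw fallback:    ", render(SAMPLE, encode_fallback=False))
    print("encoded fallback:", render(SAMPLE, encode_fallback=True))
```

Both runs render the valid URL identically; only the fallback path differs, which is why this class of bug is easy to miss when testing with well-formed input.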

Discussion

  • phantom-inker
    2009-06-21

    This has been fixed in release v1.4.2.

     
  • phantom-inker
    2009-06-21

    • status: open --> closed-fixed