Security: [img] tags emit raw text for invalid URLs

Brought to you by: swerkema

#8 Security: [img] tags emit raw text for invalid URLs

Status: closed-fixed

Owner: phantom-inker

Labels: Bug fix (25)

Priority: 9

Updated: 2009-06-21

Created: 2009-06-21

Creator: phantom-inker

Private: No

[img] tags, when they find a URL that's not valid, are supposed to emit a plaintext version of the original contents. They do this, but they fail to encode the HTML, so that it's possible to inject raw HTML into the output via [img] tags. This allows XSS, redirection, and other cookie-stealing attacks against end-users.

Discussion

phantom-inker - 2009-06-21

This has been fixed in release v1.4.2.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

phantom-inker - 2009-06-21

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Security: [img] tags emit raw text for invalid URLs

Group

Searches

Help

#8 Security: [img] tags emit raw text for invalid URLs

Discussion