Closed
Bug 446495
Opened 16 years ago
Closed 16 years ago
Even escaped HTML code is rendered partly in the feed preview.
Categories
(Firefox Graveyard :: RSS Discovery and Preview, defect)
Tracking
(Not tracked)
VERIFIED
INCOMPLETE
People
(Reporter: max.vogler, Unassigned)
Details
(Whiteboard: [sg:needinfo])
Attachments
(2 files)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 HTML is parsed partly( <img> is parsed, <script> not ) even if it's escaped. This is extremely dangerous for websites that allow RSS feeds for user generated content. A evil user who submits an image like <img src="http://evil.org/track_ip.php"> is able to find out the IP of everyone that previews the feed. Reproducible: Always Steps to Reproduce: 1. find a feed which contains escaped html and preview it in firefox Actual Results: Images and other escaped(!) HTML is rendered, scripts not Expected Results: No escaped HTML should be rendered. <![CDATA[<b>this text should be bold</b>]]> <![CDATA[<b> this text shouldn't be..
Reporter | ||
Updated•16 years ago
|
Version: unspecified → 3.0 Branch
Comment 1•16 years ago
|
||
This testcase, with <![CDATA[<b>..., works for me - the preview displays <b>Am I bold?</b> in trunk and 3.0.2. Can you attach a testcase feed that demonstrates what you are seeing?
Updated•16 years ago
|
Whiteboard: [sg:needinfo]
Comment 2•16 years ago
|
||
Title and description, channel and item, none of it being double-unescaped and rendered. Max, we really need an attached testcase that shows what you're seeing, to be able to do anything here.
Comment 3•16 years ago
|
||
After a month probably not going to get any more information
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → INCOMPLETE
Comment 4•15 years ago
|
||
Verifying incomplete. If it can be reproduced in Firefox 3.5 or 3.6 and more information is provided, we will reopen.
Status: RESOLVED → VERIFIED
Updated•5 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•