Bug 1359906: Mutation XSS - Escape syntax with $
Status: Closed (RESOLVED INVALID)
Opened 7 years ago, closed 7 years ago
Categories: Firefox :: Untriaged, defect
Reporter: MechaTech84; Assignee: Unassigned
Attachments: 1 file (1.10 KB, text/html)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Steps to reproduce:
- Open a fresh install of Firefox.
- Load the attached html document
- Enter the following into the input box: <img src=x onerror=alert(343)>
- Click "Fire!" button
- Observe no alert box appears
- Reload the attached html document
- Enter the following into the input box: <img src=x onerror=alert(343)>$
- Click "Fire!" button
- Observe alert box now appears.

Actual results:
Alert box appears. I believe this is an example of mutation XSS.

Expected results:
Alert box should not appear.

Comment 1 • 7 years ago
(In reply to MechaTech84 from comment #0)
> Alert box should not appear.

Why? This is an issue with the webpage and how it uses user input in innerHTML without any filtering. Why is it a Firefox bug?
Flags: needinfo?(MechaTech84)

Comment 2 • 7 years ago (Reporter)
Sorry about this, I thought this was an issue with the dollar sign being used as an escape character. This can be closed, I had someone explain the issue with $' to me just now.
Flags: needinfo?(MechaTech84)

Updated • 7 years ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
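
Comment 2 points at `$'`, which `String.prototype.replace` expands to "the text after the match" when it appears in a string replacement. The following is an added example, not the bug's attachment and not code from either commenter: it assumes a page that fills a template with `replace()`, and the template and function names are constructed for illustration.

```javascript
// Constructed template; the attachment from the bug is not reproduced on this page.
const TEMPLATE = "<input value={{VALUE}} readonly>";

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the characters that can change HTML structure.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Weak form: the second argument is a replacement *pattern*, so $' $& $` $$
// are expanded. Input ending in "$" joins the closing quote to form $'.
function renderUnsafe(template, input) {
  return template.replace("{{VALUE}}", "'" + input + "'");
}

// Hardened form: HTML-escape the input and pass a function replacer,
// whose return value is inserted literally with no $ expansion.
function renderSafe(template, input) {
  const quoted = "'" + escapeHtml(input) + "'";
  return template.replace("{{VALUE}}", () => quoted);
}

// Alternative when a string replacement must be kept: double every "$"
// so replace() turns each "$$" back into a single literal "$".
function escapeReplacement(text) {
  return String(text).replace(/\$/g, "$$$$");
}

// The closing quote is consumed and the template tail is duplicated.
console.log(renderUnsafe(TEMPLATE, "abc$"));
// The same input stays inside the quoted attribute value.
console.log(renderSafe(TEMPLATE, "abc$"));
```

With the weak form the attribute's closing quote disappears from the output, which is why appending `$` changes how the browser parses markup that otherwise stayed inside the quotes.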