Closed Bug 187441 Opened 22 years ago Closed 20 years ago

URLs not HTML encoded in output

Categories

(Webtools Graveyard :: Web Sniffer, defect)

defect
Not set
major

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: tom, Assigned: timeless)

Details

User-Agent: Opera/7.0 (Windows 98; U) [en] Build Identifier: When loading a page into the sniffer that has URLs in the source, you can insert any HTML using something like <a href="http://><script>alert('boo')</script>">test</a>. See URL for working example. Special characters just need to be replaced with HTML entities. This is not the same as bug 57556. Reproducible: Always Steps to Reproduce:
Nothing seems to happen when I view the attached URL, I get four horizontal bars and the word "succeeded" twice, and that's it. View source doesn't show me anything additional to that was sent. If I try to view the referenced URL within the attached one, I get an alert from Mozilla stating 'The site "><script>alert('boo')</script>" could not be found'.
ok, did it again and it worked this time. Don't know why it didn't the first time... Anyone know who's in charge of web-sniffer? default assignee is "nobody" which isn't real promising...
Group: webtools-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
someone needs to recompile websniffer.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
OK, websniffer has been cvs updated and recompiled on webtools.mozilla.org (lounge). Tom: can you verify if it's fixed?
Confirmed fixed. Very efficient :)
verified fixed per comment 5
Group: webtools-security
Status: RESOLVED → VERIFIED
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Assignee: nobody → timeless
Status: REOPENED → NEW
Status: NEW → RESOLVED
Closed: 22 years ago20 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
QA Contact: mattyt-bugzilla → web.sniffer
Product: Webtools → Webtools Graveyard
You need to log in before you can comment on or make changes to this bug.