Closed
Bug 187441
Opened 22 years ago
Closed 20 years ago
URLs not HTML encoded in output
Categories
(Webtools Graveyard :: Web Sniffer, defect)
Webtools Graveyard
Web Sniffer
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: tom, Assigned: timeless)
Details
User-Agent: Opera/7.0 (Windows 98; U) [en]
Build Identifier:
When loading a page into the sniffer that has URLs in the source, you can insert
any HTML using something like <a
href="http://><script>alert('boo')</script>">test</a>. See URL for working
example. Special characters just need to be replaced with HTML entities. This is
not the same as bug 57556.
Reproducible: Always
Steps to Reproduce:
Comment 1•22 years ago
|
||
Nothing seems to happen when I view the attached URL, I get four horizontal bars
and the word "succeeded" twice, and that's it. View source doesn't show me
anything additional to that was sent.
If I try to view the referenced URL within the attached one, I get an alert from
Mozilla stating 'The site "><script>alert('boo')</script>" could not be found'.
Comment 2•22 years ago
|
||
ok, did it again and it worked this time. Don't know why it didn't the first
time...
Anyone know who's in charge of web-sniffer? default assignee is "nobody" which
isn't real promising...
Group: webtools-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
someone needs to recompile websniffer.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 4•22 years ago
|
||
OK, websniffer has been cvs updated and recompiled on webtools.mozilla.org
(lounge). Tom: can you verify if it's fixed?
Reporter | ||
Comment 5•22 years ago
|
||
Confirmed fixed. Very efficient :)
Comment 6•22 years ago
|
||
verified fixed per comment 5
Group: webtools-security
Status: RESOLVED → VERIFIED
Updated•20 years ago
|
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Updated•20 years ago
|
Assignee: nobody → timeless
Status: REOPENED → NEW
Updated•20 years ago
|
Status: NEW → RESOLVED
Closed: 22 years ago → 20 years ago
Resolution: --- → FIXED
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
Updated•18 years ago
|
QA Contact: mattyt-bugzilla → web.sniffer
Updated•8 years ago
|
Product: Webtools → Webtools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•