[Bug #2051] Query string including 'action=' not handled properly

Thu, 26 Dec 2002 10:58:44 -0800 

=================== BUG #2051: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2051&group_id=1968

Changes by: Earl Hood <[EMAIL PROTECTED]>
Date: 2002-Dec-26 12:58 (US/Central)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | None                      | Wont Fix
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
[Limitation]
This is a known limitation.  The change you made allows
for scripting content to make it through the filtering,
so it will not be used.  Example:

<a href="/"onmouseover="javascript:alert('onmouseover');"
>Server Home</a>

The ideal solution is to parse HTML tags, but it is
a low priority right now, and would require testing to
make sure XSS vulnerabilities are not introduced.



=================== BUG #2051: FULL BUG SNAPSHOT ===================


Submitted by: gunnarh                   Project: MHonArc                        
Submitted on: 2002-Dec-25 09:23
Category:  MIME Filter                  Severity:  5 - Major                    
Bug Group:  Incorrect Behavior          Resolution:  Wont Fix                   
Assigned to:  None                      Status:  Closed                         
Platform Version:  All                  Perl Version:  Any                      
Component Version:  mhtxthtml.pl,v 2.30 Fixed Release:                          

Summary:  Query string including 'action=' not handled properly

Original Submission:  When converting a text/html message with the URL:
http://phenomenalmen.com/profiles/pm.cgi?action=display&login=forrest_horn
MHonArc screwed up the HTML source. The problem seems to be that both this query 
string and the $UAttr variable includes the string 'action'.

I made MHonArc accept the occurrence of 'action=' in a query string by editing line 
333 in mhtxthtml.pl:

    $$data =~ s/(\s$UAttr\s*=\s*)([^\s'">][^\s>]+)
-----------------^^

/ Gunnar



Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Dec-26 12:58             By: ehood
[Limitation]
This is a known limitation.  The change you made allows
for scripting content to make it through the filtering,
so it will not be used.  Example:

<a href="/"onmouseover="javascript:alert('onmouseover');"
>Server Home</a>

The ideal solution is to parse HTML tags, but it is
a low priority right now, and would require testing to
make sure XSS vulnerabilities are not introduced.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2051&group_id=1968

---------------------------------------------------------------------
To sign-off this list, send email to [EMAIL PROTECTED] with the
message text UNSUBSCRIBE MHONARC-DEV

Reply via email to