[ https://issues.apache.org/jira/browse/TRINIDAD-1798?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthias Weßendorf resolved TRINIDAD-1798. ------------------------------------------ Resolution: Fixed Fix Version/s: 2.0.0.4-core 1.2.15-core Assignee: Matthias Weßendorf > XSS attack while launching Pop up > --------------------------------- > > Key: TRINIDAD-1798 > URL: https://issues.apache.org/jira/browse/TRINIDAD-1798 > Project: MyFaces Trinidad > Issue Type: Bug > Affects Versions: 1.2.9-core > Reporter: Virginie reverse > Assignee: Matthias Weßendorf > Priority: Critical > Fix For: 1.2.15-core , 2.0.0.4-core > > > hello, > I am using Tinidad 1.2.9, JSF 1.2 and tomcat 5.5.26. > I am launching a pop up with this command : > <tr:commandLink id="idAddCurrencyDialog" > text="#{msg.updateAttributes_add_currency}" > action="dialog:addModifyAttribute" useWindow="true" partialSubmit="true" > launchListener="#{updateAttributesController.launchAddCurrencyDialog}" > returnListener="#{updateAttributesController.returnFromDialogAttribute}" > windowHeight="500" windowWidth="500"/> > Here is the command generated : > https://xxx/yyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx&loc=en&_minWidth=500&_minHeight=500&_rtrnId=1 > The problem is that it's allowing cross site script attack , you can insert > javascript in the : > _minWidth, _minHeight or_rtrnId > For exple : > https://xxx/yyyy/faces/__ADFv__?_afPfm=-543e4359&_t=fred&_vir=/common/pages/secure/common/dialog/addModifyAttribute.jspx&loc=en&_minWidth=500&_minHeight=500});alert(document.cookie);//&_rtrnId=1 > I tried to upgrade to 1.2.13, but there was still the problem. > Do you know a work around or is it possible to fix this security breach ? > thxs -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.