deltaspike-users mailing list archives

From Gerhard Petracek <gerhard.petra...@gmail.com>
Subject Re: Unsafe handling of cookie content
Date Fri, 17 Jul 2015 14:10:59 GMT
hi ortwin,

thanks for reporting the issue!
(fyi: please send such topics to the dev-list)

@thomas:
we need to use maxWindowIdCount there as well.

regards,
gerhard



2015-07-17 16:01 GMT+02:00 Ortwin Escher <ortwin.escher@iav.de>:

> Hello,
>
> The WindowIdHtmlRenderer writes the cookie content of the dsrwid cookie
> directly into the page body when using the <ds:windowId/> tag. You might
> want to escape the content, do a sanity check, or at least apply the same
> shortening that the windowId request parameter already gets.
>
> A small example: Having a cookie like "dsrwid--9414" with the content
> "-9414'+alert('HelloWorld')+'" will open a HelloWorld alert when the
> window id is "-9414".
>
> Kind regards
>
> Ortwin Escher
>
> Fachreferent, Fahrzeug IT, VC-M1
>
> IAV GmbH
> Rockwellstrasse 16
> 38518 GIFHORN
> GERMANY
>
> Internet: http://www.iav.com
>
> Sitz/Registered Office: Berlin,
> Registergericht/Registration Court: Amtsgericht Charlottenburg,
> Registernummer/Company Registration Number: HRB 21 280,
> Geschäftsführer/Managing Directors: Kurt Blumenröder, Michael Schubert,
> Olaf Kupke
> Vorsitzender des Aufsichtsrates/Chairman of the Supervisory Board: Dr. Harald Ludanek

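The report above describes a cookie value being spliced, unescaped, into a JavaScript string literal in the page body, and the reply asks for the same length cap (maxWindowIdCount) the request parameter already gets. The following is an added example, not DeltaSpike's own WindowIdHtmlRenderer code: a small Node.js model of such a renderer that reproduces the reported breakout with the exact cookie from the report and then shows the hardened rendering. The function names, the cookie parser, the constant MAX_WINDOW_ID_COUNT (standing in for maxWindowIdCount, whose real value is not stated in the thread), the window-id pattern, and the emitted `window.deltaspikeWindowId` variable are all assumptions made for illustration.

```javascript
// Added example (not DeltaSpike code): a toy model of a JSF window-id renderer
// that emits the dsrwid-<windowId> cookie value into an inline <script>, first
// the way the report describes (unescaped), then with the checks the thread
// asks for. Names, the cookie parser and MAX_WINDOW_ID_COUNT are assumptions.

// Assumed stand-in for DeltaSpike's maxWindowIdCount; the real value is not on the page.
const MAX_WINDOW_ID_COUNT = 10;

// Assumed shape of a legitimate window id: an optional minus sign and digits,
// matching the "-9414" in the report. Anything else is treated as tampering.
const WINDOW_ID_PATTERN = /^-?[0-9]+$/;

// Minimal Cookie header parser (constructed for this example): splits on ';'
// and on the first '=' only, so values containing '=' or quotes survive intact.
function parseCookies(header) {
  const cookies = Object.create(null);
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name) cookies[name] = value;
  }
  return cookies;
}

// VULNERABLE (models the reported behaviour): the cookie value is spliced into
// a single-quoted JS string literal with no escaping, so a value containing a
// quote terminates the literal and the remainder runs as code in the page.
function renderWindowIdScriptUnsafe(cookieHeader, windowId) {
  const value = parseCookies(cookieHeader)['dsrwid-' + windowId];
  if (value === undefined) return '';
  return "<script>window.deltaspikeWindowId = '" + value + "';</script>";
}

// HARDENED: (1) clip to MAX_WINDOW_ID_COUNT, the same shortening the thread
// says the windowId request parameter already gets; (2) accept only the
// expected character set; (3) emit the value via JSON.stringify plus an
// extra escape of '<' so a value can never close the string or the tag.
function sanitizeWindowId(raw) {
  if (typeof raw !== 'string') return null;
  const clipped = raw.slice(0, MAX_WINDOW_ID_COUNT);
  return WINDOW_ID_PATTERN.test(clipped) ? clipped : null;
}

function toJsStringLiteral(s) {
  return JSON.stringify(s).replace(/</g, '\\u003c');
}

function renderWindowIdScriptSafe(cookieHeader, windowId) {
  const value = parseCookies(cookieHeader)['dsrwid-' + windowId];
  const safe = sanitizeWindowId(value);
  if (safe === null) return ''; // tampered or missing cookie: render nothing
  return '<script>window.deltaspikeWindowId = ' + toJsStringLiteral(safe) + ';</script>';
}

// Constructed request header carrying the exact cookie from the report.
const REPORTED_COOKIE_HEADER = "dsrwid--9414=-9414'+alert('HelloWorld')+'";

// Demonstration when run directly with node: the first line shows the
// alert() call landing outside the string literal, the second shows the
// hardened renderer dropping the value, the third a legitimate id.
console.log(renderWindowIdScriptUnsafe(REPORTED_COOKIE_HEADER, '-9414'));
console.log(JSON.stringify(renderWindowIdScriptSafe(REPORTED_COOKIE_HEADER, '-9414')));
console.log(renderWindowIdScriptSafe('dsrwid--9414=-9414', '-9414'));
```

Note that clipping alone is not a complete fix: a value shorter than the cap such as `'+alert(1)+'` would survive it, which is why the hardened version also validates the character set and encodes the value as a JS string literal before writing it.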