deltaspike-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ortwin Escher <ortwin.esc...@iav.de>
Subject Unsafe handling of cookie content
Date Fri, 17 Jul 2015 14:01:51 GMT
Hello,

The WindowIdHtmlRenderer writes the cookie content of the dsrwid cookie 
directly into the page body when using the <ds:windowId/> tag. You might 
want to escape the content, do a sanity check or at least do the same 
shortening the windowId request parameter has.

A small example: Having a cookie like "dsrwid--9414" with the content 
"-9414'+alert('HelloWorld')+'" will open a HelloWorld alert when the 
window id is "-9414".

Kind regards

Ortwin Escher

Fachreferent, Fahrzeug IT, VC-M1

IAV GmbH 
Rockwellstrasse 16
38518 GIFHORN
GERMANY

Internet: http://www.iav.com

Sitz/Registered Office: Berlin, 
Registergericht/Registration Court: Amtsgericht Charlottenburg, 
Registernummer/Company Registration Number: HRB 21 280, 
Geschäftsführer/Managing Directors: Kurt Blumenröder, Michael Schubert, 
Olaf Kupke
Vorsitzender des Aufsichtsrates/Chairman of the Supervisory Board: Dr. 
Harald Ludanek
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message