incubator-jspwiki-dev mailing list archives

From "Dirk Frederickx" <dirk.frederi...@gmail.com>
Subject question on username
Date Thu, 06 Dec 2007 18:54:20 GMT
Ref. XSS vulnerability

Which characters are allowed in the JSPWiki username? <wiki:Username/>

From what I can see, there are only checks on isBlank; all other
characters seem to be allowed.
Also the single quote, which is dangerous in the common-header.jsp,
where the username is inserted as a JavaScript string.



dirk
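
The concern raised in the message above, shown as an added example that is not part of the original post and is not JSPWiki code: a username pasted between single quotes in a script, next to an encoder that escapes it for that context. The function names and the `'<username>'` literal shape are assumptions made for illustration.

```javascript
// Added example: names and literal shape are assumptions, not JSPWiki code.

// Vulnerable pattern: the raw username is pasted between single quotes.
function naiveJsLiteral(username) {
  return "'" + username + "'";
}

// Hardened pattern: escape every character outside [A-Za-z0-9 _.,-] as \uXXXX,
// so quotes, backslashes, line terminators and "</script>" cannot end the
// string or the enclosing script block.
function safeJsLiteral(username) {
  let out = "'";
  for (const unit of username.split("")) { // iterate UTF-16 code units
    if (/[A-Za-z0-9 _.,-]/.test(unit)) {
      out += unit;
    } else {
      out += "\\u" + unit.charCodeAt(0).toString(16).padStart(4, "0");
    }
  }
  return out + "'";
}

// Evaluate a literal the way a script engine parses "var user = <literal>;".
// This models the JavaScript parser only; the HTML parser, which would end
// the script block at a raw "</script>", is not modelled here.
function evaluateLiteral(literal) {
  try {
    return { ok: true, value: new Function("return " + literal + ";")() };
  } catch (err) {
    return { ok: false, value: err.name };
  }
}

// Constructed sample usernames.
const samples = ["dirk", "O'Brien", "x'+'y", "a\\", "line\nbreak", "</script>"];

// For each sample, report whether the script sees exactly the original name.
function report(encoder) {
  return samples.map((name) => {
    const result = evaluateLiteral(encoder(name));
    return { name, roundTrips: result.ok && result.value === name };
  });
}

console.log("naive:", report(naiveJsLiteral));
console.log("safe: ", report(safeJsLiteral));
```

A name that does not round-trip through the naive literal either broke the script's syntax or was interpreted as part of the expression rather than as data.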
