ZK-3567

Listbox is vulnerable to XSS attacks


      Listbox is vulnerable to XSS attacks. See the fiddle to break it: http://zkfiddle.org/direct/3kugq3c/2/v8.0.4-Listbox-XSS-attack-bug-proof?run=bcrnig

      <zk>
      
      <window title="Listbox" border="normal">
      	<listbox >
      		<listhead>
      			<listheader label="Xss - drag the row to see it burn!"/>
      		</listhead>
      		<listitem height="28px" label="&lt;img src=x onerror=alert('xss')&gt;" draggable="true"/>
      	</listbox>
      </window>
      
      </zk>
      
      

            DevChu
            ulysses

                Estimated: 0 minutes
                Remaining: 0 minutes
                Logged: 5 hours
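
The label in the report is XML-escaped in the ZUL source, so after parsing the component holds the raw `<img ...>` string, and every client-side sink that renders it, including whatever is drawn while the row is dragged, has to encode it again on output. The block below is an added illustration of that point, not ZK's code and not part of the report; all function names, the `drag-ghost` class, and the assumption that a drag path builds markup by string concatenation are hypothetical.

```javascript
// Added illustration; not ZK source code. All names here are hypothetical.

// The five predefined XML entities, as an XML parser resolves them in a ZUL attribute.
const XML_ENTITIES = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };

// What the component receives as its label once the ZUL file has been parsed.
// Single pass, so "&amp;lt;" correctly decodes to "&lt;" and not to "<".
function decodeXmlAttribute(raw) {
  return raw.replace(/&(lt|gt|amp|quot|apos);/g, (_, name) => XML_ENTITIES[name]);
}

// Output encoding for an HTML text node or quoted-attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, ch => map[ch]);
}

// Unsafe sink: the label is concatenated into markup that will be parsed as HTML.
function ghostMarkupUnsafe(label) {
  return '<div class="drag-ghost">' + label + '</div>';
}

// Hardened sink: the label is encoded at the point of output.
// In a browser, assigning to element.textContent achieves the same result.
function ghostMarkupSafe(label) {
  return '<div class="drag-ghost">' + escapeHtml(label) + '</div>';
}

// Regression check: does anything inside the wrapper still start a tag?
function introducesMarkup(html) {
  const inner = html
    .replace(/^<div class="drag-ghost">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

// Label attribute exactly as written in the report's ZUL.
const ZUL_LABEL = "&lt;img src=x onerror=alert('xss')&gt;";
const label = decodeXmlAttribute(ZUL_LABEL);

console.log('component label :', label);
console.log('unsafe sink     :', ghostMarkupUnsafe(label), introducesMarkup(ghostMarkupUnsafe(label)));
console.log('hardened sink   :', ghostMarkupSafe(label), introducesMarkup(ghostMarkupSafe(label)));
```

A check like `introducesMarkup` is suitable as a unit-test assertion over every code path that renders a label, so a secondary path such as a drag or tooltip renderer cannot regress unnoticed.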