  1. ZK
  2. ZK-3567

Listbox is vulnerable to XSS attacks

    Details

      Description

      Listbox is vulnerable to XSS attacks. See the fiddle to break it: http://zkfiddle.org/direct/3kugq3c/2/v8.0.4-Listbox-XSS-attack-bug-proof?run=bcrnig

      <zk>
      
      <window title="Listbox" border="normal">
      	<listbox >
      		<listhead>
      			<listheader label="Xss - drag the row to see it burn!"/>
      		</listhead>
      		<listitem height="28px" label="&lt;img src=x onerror=alert('xss')&gt;" draggable="true"/>
      	</listbox>
      </window>
      
      </zk>
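
The `&lt;`/`&gt;` in the ZUL above only escape the label for the XML source; after parsing, the component holds the literal `<img ...>` string. The following is an added example, not ZK code and not part of the issue: the drag-ghost markup builder and every function name are assumptions used to contrast inserting that label as HTML with escaping it at output.

```javascript
// Added illustration only: not ZK source. All function names are hypothetical.

// An XML parser decodes predefined entities in attribute values, so the ZUL
// text label="&lt;img ...&gt;" reaches the component as a literal "<img ...>".
function decodeXmlAttr(raw) {
  const map = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };
  return raw.replace(/&(lt|gt|amp|quot|apos);/g, (_, name) => map[name]);
}

// Escape text for HTML element content or a quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed vulnerable pattern: label concatenated into markup that is later
// assigned to innerHTML (for example, a drag "ghost" element).
function ghostMarkupUnsafe(label) {
  return '<div class="drag-ghost">' + label + '</div>';
}

// Hardened form: the label is treated as text and escaped at output time.
function ghostMarkupSafe(label) {
  return '<div class="drag-ghost">' + escapeHtml(label) + '</div>';
}

// Rough check for this demo (not a sanitizer): which element names would an
// HTML parser create from the label part of the markup?
function injectedTags(markup) {
  const inner = markup.slice('<div class="drag-ghost">'.length, -'</div>'.length);
  return Array.from(inner.matchAll(/<([a-z][a-z0-9]*)/gi), (m) => m[1].toLowerCase());
}

// Attribute value exactly as written in the issue's ZUL.
const zulLabel = "&lt;img src=x onerror=alert('xss')&gt;";
const label = decodeXmlAttr(zulLabel);

console.log('label seen by component:', label);
console.log('unsafe ->', ghostMarkupUnsafe(label), injectedTags(ghostMarkupUnsafe(label)));
console.log('safe   ->', ghostMarkupSafe(label), injectedTags(ghostMarkupSafe(label)));
```

Escaping has to happen at every point where the label is written into HTML, including secondary renderings such as a drag ghost, not only in the main row template.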
      
      

              People

              Assignee: DevChu
              Reporter: ulysses
              Votes: 0
              Watchers: 4

                  Time Tracking

                  Estimated: 0m
                  Remaining: 0m
                  Logged: 5h