Uploaded image for project: 'ZK'
  1. ZK
  2. ZK-5738

HtmlBasedComponent.setTooltiptext(..) not properly escaped

XMLWordPrintable

      Steps to Reproduce

      Calling setTooltiptext("\" onLoad=\"myBadJavascript();") for Image should also work, or setTooltiptext("\" onMouseover=\"myBadJavascript();") for A hyperlinks.

      Current Result

      Javascript is executed

      Expected Result

      The tooltip should be displayed as entered, by applying proper escaping.

      Debug Information

      <image tooltiptext="" onLoad="alert(0);"/> in ZUL displays Javascript message, so if applications display user input as tooltiptext (e.g. if the size exceeds a threshold), users can execute Javascript in foreign users' context, e.g. to steal session cookies or act impersonating the other user.
       

      Workaround

       

            hawk hawk
            chemFelix chemFelix
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 1 hour
                1h
                Remaining:
                Remaining Estimate - 1 hour
                1h
                Logged:
                Time Spent - Not Specified
                Not Specified