
style, class, linkstyle & linkclass parameters allow XSS
Closed, ResolvedPublic

Description

The WikiCategoryTagCloud extension doesn't properly validate the values of the aforementioned four XML-style extension parameters.

The proper fix is to call htmlspecialchars() with ENT_QUOTES as the 2nd param (class & linkclass parameters) or Sanitizer::checkCss() (linkstyle & style parameters).
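The following is an added example, not the WikiCategoryTagCloud extension's own code: a minimal tag hook that builds the wrapper element and one category link from the four attributes named above, first as the unsafe string concatenation the report describes, then hardened the way the report proposes. It assumes MediaWiki core is loaded (for Sanitizer and Parser); the tag name, the function names and the sample attribute values are illustrative assumptions.

```php
<?php
// Added example, not the extension's own code. Assumes MediaWiki core classes
// (Sanitizer, Parser, PPFrame) are available; tag name, function names and the
// sample attribute values below are assumptions for illustration.

/**
 * Vulnerable form: tag attribute values go straight into HTML. A class value
 * like  "><script>...</script>  closes the attribute and the tag, and a style
 * value like  expression(...)  or  url(javascript:...)  is live CSS for older
 * browsers even when no HTML escaping is bypassed at all.
 */
function tagCloudRenderVulnerable( $input, array $args, Parser $parser = null, PPFrame $frame = null ) {
	$style     = $args['style'] ?? '';
	$class     = $args['class'] ?? '';
	$linkstyle = $args['linkstyle'] ?? '';
	$linkclass = $args['linkclass'] ?? '';

	$html  = '<div class="' . $class . '" style="' . $style . '">';
	$html .= '<a class="' . $linkclass . '" style="' . $linkstyle . '"'
		. ' href="/wiki/Category:Example">Example</a>';
	$html .= '</div>';
	return $html;
}

/**
 * Hardened form, following the task description:
 *  - class / linkclass only need HTML attribute escaping, so
 *    htmlspecialchars( ..., ENT_QUOTES ) is enough (ENT_QUOTES matters because
 *    the values sit inside double-quoted attributes and may contain either quote).
 *  - style / linkstyle are CSS, where escaping alone does not help; they go
 *    through Sanitizer::checkCss(), which normalises the value and replaces
 *    expression(), url(), behavior/-moz-binding and escaped or commented
 *    variants of them with a harmless CSS comment.
 * checkCss() is a CSS check, not an HTML escape, so its result is still
 * attribute-escaped before being concatenated into the tag.
 */
function tagCloudRenderFixed( $input, array $args, Parser $parser = null, PPFrame $frame = null ) {
	$class     = htmlspecialchars( $args['class'] ?? '', ENT_QUOTES );
	$linkclass = htmlspecialchars( $args['linkclass'] ?? '', ENT_QUOTES );
	$style     = htmlspecialchars( Sanitizer::checkCss( $args['style'] ?? '' ), ENT_QUOTES );
	$linkstyle = htmlspecialchars( Sanitizer::checkCss( $args['linkstyle'] ?? '' ), ENT_QUOTES );

	$html  = '<div class="' . $class . '" style="' . $style . '">';
	$html .= '<a class="' . $linkclass . '" style="' . $linkstyle . '"'
		. ' href="/wiki/Category:Example">Example</a>';
	$html .= '</div>';
	return $html;
}

/**
 * ParserFirstCallInit handler registering the hardened renderer for an assumed
 * <tagcloud> tag (handler and tag name are assumptions of this example).
 */
function tagCloudExampleParserInit( Parser $parser ) {
	$parser->setHook( 'tagcloud', 'tagCloudRenderFixed' );
	return true;
}

// Constructed attacker-controlled attribute values, i.e. what a page author
// could write as <tagcloud class='"><script>alert(1)</script>' style="..."/>.
$constructedArgs = [
	'class'     => '"><script>alert(1)</script><div class="',
	'style'     => 'expression(alert(document.cookie))',
	'linkclass' => 'x" onmouseover="alert(1)',
	'linkstyle' => 'background:url(javascript:alert(1))',
];

echo tagCloudRenderVulnerable( '', $constructedArgs ), "\n";
echo tagCloudRenderFixed( '', $constructedArgs ), "\n";
```

If the extension builds its markup with Html::element() or Html::rawElement() instead of string concatenation, the htmlspecialchars() calls must be dropped, since those helpers already attribute-escape every value they are given (keeping them would double-escape as &amp;quot;); Sanitizer::checkCss() on the two style values is still required in that case, because attribute escaping does nothing about dangerous CSS.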

Event Timeline

Maniphest changed the visibility from "Public (No Login Required)" to "Custom Policy". Nov 19 2015, 9:10 PM
Maniphest changed the edit policy from "All Users" to "Custom Policy".
Restricted Application added a subscriber: Aklapper. Nov 19 2015, 9:10 PM
ashley created this task. Nov 19 2015, 9:10 PM
ashley claimed this task.
ashley triaged this task as Medium priority.
ashley updated the task description.
ashley changed Security from None to Software security bug.
ashley edited subscribers, added: ashley, csteipp; removed: Aklapper.
Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)". Nov 19 2015, 10:00 PM
Legoktm changed the edit policy from "Custom Policy" to "All Users".
Legoktm changed Security from Software security bug to None.