Last modified: 2010-05-15 15:32:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T4304, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 2304 - Template inclusion circumvents JavaScript filtering


Summary:	Template inclusion circumvents JavaScript filtering

Status:	RESOLVED FIXED

Product:	MediaWiki
Classification:	Unclassified
Component:	Parser (Other open bugs)
Version:	1.4.x
Hardware:	All All

Importance:	Normal normal (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:	http://en.wikipedia.org/wiki/User:JRM...
Whiteboard:
Keywords:	parser

Depends on:
Blocks:	javascript
	Show dependency tree / graph

Reported:	2005-06-03 12:00 UTC by Joost R. Meerten
Modified:	2010-05-15 15:32 UTC (History)
CC List:	1 user (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Joost R. Meerten 2005-06-03 12:00:22 UTC

By including a template inside a style directive, arbitrary HTML attributes can
be injected after the style. This allows, among other things, the use of
malicious JavaScript. See the URL for an example.

Comment 1 Brion Vibber 2005-06-03 15:43:56 UTC

Fixed in 1.3.13, 1.4.5, and 1.5alpha2.

Comment 2 Joost R. Meerten 2005-06-03 15:54:18 UTC

(In reply to comment #1)
> Fixed in 1.3.13, 1.4.5, and 1.5alpha2.
> 
If [[Special:Version]] on the en.wikipedia reports MW 1.4.5, then why is this
still working?

Comment 3 Brion Vibber 2005-06-03 15:55:23 UTC

Your client-side cache?

Comment 4 Joost R. Meerten 2005-06-03 16:02:25 UTC

No, but NM. Works now.

Comment 5 Cesar Eduardo Barros 2005-06-04 17:43:07 UTC

This bug fix might have broken the reference templates; see
http://en.wikipedia.org/wiki/Wikipedia_talk:Featured_article_candidates#Extremely_important_problem.21
and http://en.wikipedia.org/wiki/User_talk:Raul654#Reference_templates

Comment 6 Mark Pellegrini 2005-06-04 19:08:07 UTC

I've gone ahead and re-opened this.

Comment 7 Brion Vibber 2005-06-04 23:02:51 UTC

That's bug 2309. Re-closing this bug.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links