Last modified: 2010-05-15 15:32:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 2304 - Template inclusion circumvents JavaScript filtering
Template inclusion circumvents JavaScript filtering
Product: MediaWiki
Classification: Unclassified
Parser (Other open bugs)
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
: parser
Depends on:
Blocks: javascript
  Show dependency treegraph
Reported: 2005-06-03 12:00 UTC by Joost R. Meerten
Modified: 2010-05-15 15:32 UTC (History)
1 user (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Joost R. Meerten 2005-06-03 12:00:22 UTC
By including a template inside a style directive, arbitrary HTML attributes can
be injected after the style. This allows, among other things, the use of
malicious JavaScript. See the URL for an example.
Comment 1 Brion Vibber 2005-06-03 15:43:56 UTC
Fixed in 1.3.13, 1.4.5, and 1.5alpha2.
Comment 2 Joost R. Meerten 2005-06-03 15:54:18 UTC
(In reply to comment #1)
> Fixed in 1.3.13, 1.4.5, and 1.5alpha2.
If [[Special:Version]] on the en.wikipedia reports MW 1.4.5, then why is this
still working?
Comment 3 Brion Vibber 2005-06-03 15:55:23 UTC
Your client-side cache?
Comment 4 Joost R. Meerten 2005-06-03 16:02:25 UTC
No, but NM. Works now.
Comment 6 Mark Pellegrini 2005-06-04 19:08:07 UTC
I've gone ahead and re-opened this. 
Comment 7 Brion Vibber 2005-06-04 23:02:51 UTC
That's bug 2309. Re-closing this bug.

Note You need to log in before you can comment on or make changes to this bug.