What steps will reproduce the problem?
1. Open an iFrame DOM window with a malicious XSS URL
http://www.mysite.com/search/text/?field1[0]=%22%20onmouseover%3dprompt%28986066%29%20bad%3d%22&field2[0]=all
What is the expected output? What do you see instead?
iFrame should open as normal. However, since the URL isn't escaped, a quote will
close the src attribute and write the rest of the URL as tag attributes.
What version of the product are you using? On what operating system?
current / Ubuntu
Please provide any additional information below.
Our fix is this, on line 321: settings.windowSourceURL.replace("\"", "")
Original issue reported on code.google.com by ghens...@gmail.com on 17 Feb 2011 at 10:17
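As an added example (not part of the original report and not the plugin's code), the sketch below compares the unescaped `src`, the first-quote removal quoted in the report, and full attribute encoding, using the report's URL. It assumes the URL reaches the markup percent-decoded; all function names are hypothetical, and the tokenizer is a simplification of browser parsing.

```javascript
// Added example; function names are hypothetical, not the plugin's code.
const ESC = { '&': '&amp;', '"': '&quot;', "'": '&#39;', '<': '&lt;', '>': '&gt;' };

// Encode every character that can end or alter a quoted attribute value.
function escapeAttr(value) {
  return String(value).replace(/[&"'<>]/g, (ch) => ESC[ch]);
}

// Pattern from the report: URL concatenated into src without escaping.
const iframeRaw = (url) => '<iframe src="' + url + '"></iframe>';
// Fix quoted in the report: a string pattern removes only the FIRST quote.
const iframeFirstQuoteRemoved = (url) => iframeRaw(url.replace('"', ''));
// Hardened form: the whole value is attribute-encoded.
const iframeEscaped = (url) => iframeRaw(escapeAttr(url));

// Simplified tokenizer: attribute names of the first tag, enough to see
// whether a value broke out of its quotes. Not a full HTML parser.
function attributeNames(html) {
  const tag = html.slice(html.indexOf('<') + 1);
  const re = /\s*([^\s=>]+)(?:=(?:"([^"]*)"|([^\s>]*)))?/y;
  re.lastIndex = tag.search(/\s/); // start after the tag name
  const names = [];
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1]);
  return names;
}

// The URL from the report, percent-decoded (assumption: the value is
// decoded by the time it is written into the markup).
const REPORTED = decodeURIComponent(
  'http://www.mysite.com/search/text/?field1[0]=%22%20onmouseover%3dprompt' +
  '%28986066%29%20bad%3d%22&field2[0]=all');

function compare(url) {
  return {
    raw: attributeNames(iframeRaw(url)),
    firstQuoteRemoved: attributeNames(iframeFirstQuoteRemoved(url)),
    escaped: attributeNames(iframeEscaped(url)),
  };
}

console.log(compare(REPORTED));
```

Only the encoded variant keeps the whole URL inside `src`; removing one quote still lets the second quote end the attribute early. In browser code, creating the iframe element and assigning `src` through the DOM avoids building markup from strings at all.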