patrickrolanddg / jaikuengine

Automatically exported from code.google.com/p/jaikuengine
Apache License 2.0
0 stars 0 forks source link

Lack of user input filtering resulting in XSS #142

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. post a jaiku with some javascript e.g. <script>alert()</script>
2. click on the presence link e.g. 
http://www.jaiku.com/channel/ohgod/presence/8c79c91a0c5e4ad49a4ebcfd44dafe4f
3. javascript is executed.

What is the expected output? What do you see instead?

Presence messages should be filtered to prevent cross site scripting attacks.

What version of the product are you using? On what operating system?
Using jaikuengine trunk and tested on jaiku.com

Please provide any additional information below.

Original issue reported on code.google.com by kugutsu...@gmail.com on 1 Sep 2009 at 6:22

GoogleCodeExporter commented 9 years ago
Upgraded to Priority Critical.

Original comment by jonasnoc...@gmail.com on 2 Sep 2009 at 10:15

GoogleCodeExporter commented 9 years ago
fixed in r99

Original comment by andyster on 2 Sep 2009 at 10:50