tcowans / owasp-java-html-sanitizer

Automatically exported from code.google.com/p/owasp-java-html-sanitizer

html injection/XSS #19

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. <a href="http://demo.testfire.net">CLICK HERE</a>
2. click on CLICK HERE
3.

What is the expected output? What do you see instead?
It should filter out HTML tags. In this context, it accepts the <a> tag and href
attribute, which is used to specify a link address. So, by giving the above
input and clicking CLICK HERE, it goes to the malicious link specified in the href
attribute, hence leading to HTML injection/XSS attacks.

What version of the product are you using? On what operating system?
OS-Windows XP
Version-1.5.2

Please provide any additional information below.
Vulnerable to HTML injection attacks.

Original issue reported on code.google.com by varnam...@gmail.com on 11 Jan 2014 at 5:21

GoogleCodeExporter commented 9 years ago
With what policy are you running?

Original comment by mikesamuel@gmail.com on 27 Feb 2014 at 7:43

GoogleCodeExporter commented 9 years ago
If your policy accepts URLs then this is not a bug. The act of clicking <a
href="http://demo.testfire.net">CLICK HERE</a> will not cause an XSS it seems,
only visiting the vulnerable page (demo.testfire.net) will cause the XSS. So
the XSS is not in the link itself like a javascript URL such as <a
href="javascript:alert(1);">CLICK HERE</a>. If a JavaScript URL got through the
sanitizer I would consider it a bug, but that does not seem to be the case here.

Original comment by j...@manico.net on 31 Mar 2014 at 2:24

GoogleCodeExporter commented 9 years ago
Re "It should filter out html tags", some policies should filter out <a> tags 
and some policies should not.  Without knowing what policy the reporter used, 
we cannot take action.

Closing as invalid.  Please reopen if you can supply more detail.

Original comment by mikesamuel@gmail.com on 31 Mar 2014 at 5:03
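The two points made in the thread above, that whether an <a> tag survives depends entirely on the policy and that a javascript: URL getting through would be the real bug, can be seen side by side with a small harness. This is an added example, not code from the issue or from the project; it assumes the sanitizer's HtmlPolicyBuilder / PolicyFactory API, and the two inputs are the ones quoted in the thread.

```java
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

public class PolicyDemo {

    // Policy 1: nothing is allowed. Every tag is dropped and only the text
    // content survives, which is what the reporter seems to have expected.
    static final PolicyFactory NO_TAGS = new HtmlPolicyBuilder().toFactory();

    // Policy 2: links are allowed, but an href may only use http or https.
    // A javascript: href fails the protocol check and is stripped, so the
    // payload the thread calls the real XSS case cannot reach the page.
    // rel="nofollow" is added so user-supplied links carry no link equity.
    static final PolicyFactory LINKS_ONLY = new HtmlPolicyBuilder()
        .allowElements("a")
        .allowAttributes("href").onElements("a")
        .allowUrlProtocols("http", "https")
        .requireRelNofollowOnLinks()
        .toFactory();

    // Inputs taken from the issue: a plain http link and a javascript: link.
    static final String[] INPUTS = {
        "<a href=\"http://demo.testfire.net\">CLICK HERE</a>",
        "<a href=\"javascript:alert(1);\">CLICK HERE</a>",
    };

    public static void main(String[] args) {
        for (String in : INPUTS) {
            System.out.println("input:      " + in);
            // Expect just "CLICK HERE": the element is not in the policy.
            System.out.println("no-tags:    " + NO_TAGS.sanitize(in));
            // Expect the http link kept (with rel="nofollow") and the
            // javascript: href removed by the protocol whitelist.
            System.out.println("links-only: " + LINKS_ONLY.sanitize(in));
            System.out.println();
        }
    }
}
```

Which of the two policies is "correct" is an application decision, which is why the maintainer asked for the policy in use before treating the report as a bug.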