XSS Vulnerability when setting Label directly from QueryParameter #273

Open
GoogleCodeExporter opened this issue May 15, 2015 · 1 comment

Comments

@GoogleCodeExporter

What steps will reproduce the problem?
1. Set a Label with the value of a QueryParameter in an ActivityOperation
2. Generate the application, and insert HTML into the provided QueryParameter, 
e.g. index.php?message=<b>hello<b/>

What is the expected output? What do you see instead?
Expected: The Label is set to &lt;b&gt;...
Actual: The Label is set to <b>...

This represents an XSS vulnerability. This should either be a new verification 
technique, or a simple Checks warning, or a property of the metamodel (but this 
is similar to PHP's magic_quotes).

Original issue reported on code.google.com by soundasleep on 21 Jul 2011 at 3:51
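
The expected behaviour from the report, as an added PHP example that is not part of the original issue or the project's generated code: the query parameter is encoded for the HTML context at the point where the label is written out. The helper names (`queryParam`, `renderLabel`, `renderLabelUnsafe`) and the `label1` id are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not the project's generated code.

/** Read a query parameter as a plain string; array input (?message[]=x) falls back to the default. */
function queryParam(array $query, string $name, string $default = ''): string
{
    $value = $query[$name] ?? $default;
    return is_string($value) ? $value : $default;
}

/** Reported behaviour: the parameter reaches the page as markup. */
function renderLabelUnsafe(string $id, string $text): string
{
    return '<span id="' . $id . '">' . $text . '</span>';
}

/** Expected behaviour: encode at output, for both attribute and text positions. */
function renderLabel(string $id, string $text): string
{
    // ENT_QUOTES covers single and double quotes so the same call is safe inside attributes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<span id="' . htmlspecialchars($id, $flags, 'UTF-8') . '">'
         . htmlspecialchars($text, $flags, 'UTF-8') . '</span>';
}

// Constructed input, equivalent to index.php?message=<b>hello<b/>
$query = ['message' => '<b>hello<b/>'];
$message = queryParam($query, 'message');

echo renderLabelUnsafe('label1', $message), "\n"; // browser parses the <b> tags
echo renderLabel('label1', $message), "\n";       // browser shows the literal text
```

Encoding at output rather than on input keeps the stored or passed value unchanged, so the same value can be encoded differently for other contexts such as URLs or JavaScript strings.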

@GoogleCodeExporter
Author

mass tagging old issues to future work

Original comment by soundasleep on 26 Sep 2011 at 9:54

  • Added labels: Milestone-Release0.7
