From d9e9e474a8df4abf14ca2d0a4d673f9af8812e13 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 12 Nov 2007 14:14:00 -0500 Subject: [PATCH] security issues --- ...rward__42__ing_functionality_for_the_meta_plugin.mdwn | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn index 30bcbd58f..5cd4def38 100644 --- a/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn +++ b/doc/todo/__42__forward__42__ing_functionality_for_the_meta_plugin.mdwn @@ -24,3 +24,12 @@ I can also submit a Git patch, if desired. --[[tschwinge]] + +> The html scrubber cannot scrub meta headers. So if you emit one +> containing user-supplied data, it's up to you to scrub it to avoid all +> possible XSS attacks. Two attacks I'd worry about are cyclic meta refresh +> loops, which some, but not all web browsers detect and break, and any way +> to insert javascript via the user-supplied parameters. (Ie, putting +> something in the delay value that closes the tag can probably insert +> javascript ATM; and are there ways to embed javascript in the url?) +> --[[Joey]] -- 2.26.2