mhonarc-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Bug #2051] Query string including 'action=' not handled properly

2002-12-26 11:58:25
from [nobody] [Permanent Link] 

=================== BUG #2051: LATEST MODIFICATIONS ==================
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2051&group_id=1968

Changes by: Earl Hood <earl(_at_)earlhood(_dot_)com>
Date: 2002-Dec-26 12:58 (US/Central)

            What     | Removed                   | Added
---------------------------------------------------------------------------
          Resolution | None                      | Wont Fix
              Status | Open                      | Closed


------------------ Additional Follow-up Comments ----------------------------
[Limitation]
This is a known limitation.  The change you made allows
for scripting content to make it through the filtering,
so it will not be used.  Example:

<a href="/"onmouseover="javascript:alert('onmouseover');"

Server Home</a>


The ideal solution is to parse HTML tags, but it is
a low priority right now, and would require testing to
make sure XSS vulnerabilities are not introduced.



=================== BUG #2051: FULL BUG SNAPSHOT ===================


Submitted by: gunnarh                   Project: MHonArc                        
Submitted on: 2002-Dec-25 09:23
Category:  MIME Filter                  Severity:  5 - Major                    
Bug Group:  Incorrect Behavior          Resolution:  Wont Fix                   
Assigned to:  None                      Status:  Closed                         
Platform Version:  All                  Perl Version:  Any                      
Component Version:  mhtxthtml.pl,v 2.30 Fixed Release:                          

Summary:  Query string including 'action=' not handled properly

Original Submission:  When converting a text/html message with the URL:
http://phenomenalmen.com/profiles/pm.cgi?action=display&login=forrest_horn
MHonArc screwed up the HTML source. The problem seems to be that both this 
query string and the $UAttr variable includes the string 'action'.

I made MHonArc accept the occurrence of 'action=' in a query string by editing 
line 333 in mhtxthtml.pl:

    $$data =~ s/(\s$UAttr\s*=\s*)([^\s'">][^\s>]+)
-----------------^^

/ Gunnar



Follow-up Comments
*******************

-------------------------------------------------------
Date: 2002-Dec-26 12:58             By: ehood
[Limitation]
This is a known limitation.  The change you made allows
for scripting content to make it through the filtering,
so it will not be used.  Example:

<a href="/"onmouseover="javascript:alert('onmouseover');"

Server Home</a>


The ideal solution is to parse HTML tags, but it is
a low priority right now, and would require testing to
make sure XSS vulnerabilities are not introduced.


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.nongnu.org/bugs/?func=detailbug&bug_id=2051&group_id=1968

---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Inconsistent URL filtering?, Earl Hood
Next by Date:  [Bug #1879] URL which is followed by Japanese text (without spaces etc.) will be broken, nobody
Previous by Thread:  [Bug #2051] Query string including 'action=' not handled properly, nobody
Next by Thread:  Re: [Bug #2051] Query string including 'action=' not handled properly, Gunnar Hjalmarsson
Indexes:  [Date] [Thread] [Top] [All Lists]