hal-browser

Cross Site Scripting issue with NON-GET dialog

Open msturm opened this issue 8 years ago • 1 comment

If you open the NON-GET dialog and press submit, you get a URL of the form: http://haltalk.herokuapp.com/explorer/browser.html#NON-GET:/

If you modify the URL to include JavaScript, for example, it turns out that the contents are displayed in the user's browser. Theoretically, this makes it possible to perform various actions, including stealing cookies etc.

An example to see the problem described above is going to this link on the demo-app of the HAL-browser: http://haltalk.herokuapp.com/explorer/browser.html#NON-GET:/">'<script>alert("hi")</script>

msturm · Dec 22 '17 12:12
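The sink the report describes, shown as an added example that is not hal-browser's own code: the function names and the dialog template are assumptions standing in for browser.html, but the fragment format and the payload are the ones quoted above. The unsafe renderer concatenates the NON-GET target straight into markup; the hardened one escapes it first, so the same fragment stays inert.

```javascript
// Added example, not hal-browser's code: names and the <input> template are
// assumptions; the "#NON-GET:<url>" fragment shape is the one from the report.

// Escape the characters that change meaning when text lands inside HTML.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// Pull the target URL out of a "#NON-GET:<url>" fragment; null if it is not one.
function parseNonGetFragment(hash) {
  const m = /^#NON-GET:(.*)$/s.exec(hash);
  return m ? m[1] : null;
}

// Vulnerable rendering: the untrusted URL is spliced into an attribute, so a
// fragment containing '">' closes the attribute and anything after it is markup.
function renderNonGetDialogUnsafe(hash) {
  const url = parseNonGetFragment(hash);
  return '<input name="url" value="' + url + '">';
}

// Hardened rendering: identical template, but the value is escaped before
// interpolation, so quotes and angle brackets remain literal attribute text.
function renderNonGetDialogSafe(hash) {
  const url = parseNonGetFragment(hash);
  return '<input name="url" value="' + escapeHtml(url) + '">';
}

// Quick regression check a reviewer can run over rendered output: did a
// <script element appear that the template itself never emits?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```

When the dialog is built with DOM APIs instead of strings, the same fix is to assign the target via the element's `value` property or `textContent` rather than `innerHTML`.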

I was creating a pull request, but then noticed that this pull request is already fixing this issue: https://github.com/mikekelly/hal-browser/pull/97

msturm · Dec 22 '17 12:12