ICEfaces
  1. ICEfaces
  2. ICE-4699

Cross Scripting Issue: ice:messages don't escape JavaScript

          Details

          • Type: Bug Bug
          • Status: Closed
          • Priority: Critical Critical
          • Resolution: Fixed
          • Affects Version/s: 1.8.1, 1.8.3
          • Fix Version/s: 1.8.2-EE-GA
          • Component/s: ICE-Components
          • Labels:
            None
          • Environment:
            ..

            Description

            Assume an inputText (or even selectInputDate) with a date converter and a ice:messages component.

            When the user enters JavaScript (<script>alert('hello!')</script>), the messages component will be executed!

            This does not happen with pure JSF and facelts.

            ---code---
            <ice:messages />

            <ice:inputText id="fromReport" title="title" renderAsPopup="true"
            popupDateFormat="dd.MM.yyyy">
            <f:convertDateTime pattern="dd.MM.yyyy" />
            </ice:inputText>

            <ice:selectInputDate id="fromReport" title="title" renderAsPopup="true"
            popupDateFormat="dd.MM.yyyy" partialSubmit="true">
            <f:convertDateTime pattern="dd.MM.yyyy" />
            </ice:selectInputDate>

            <ice:commandButton value="Submit Application" />
            ---code---

              Activity

              Ascending order - Click to sort in descending order
              Stefan Zeller created issue -
              Stefan Zeller made changes -
              Field Original Value New Value
              Salesforce Case []
              Priority Major [ 3 ] Critical [ 2 ]
              Ted Goddard made changes -
              Salesforce Case []
              Fix Version/s 1.8.2-EE [ 10216 ]
              Assignee Ken Fyten [ ken.fyten ]
              Ken Fyten made changes -
              Salesforce Case []
              Assignee Priority P2
              Assignee Ken Fyten [ ken.fyten ] Mark Collette [ mark.collette ]
              Ken Fyten made changes -
              Salesforce Case []
              Affects Version/s 1.8.3 [ 10211 ]
              yip.ng made changes -
              Attachment screenshot-1.png [ 12099 ]
              yip.ng made changes -
              Status Open [ 1 ] Resolved [ 5 ]
              Resolution Fixed [ 1 ]
              Ken Fyten made changes -
              Status Resolved [ 5 ] Closed [ 6 ]
              Assignee Priority P2
              Assignee Mark Collette [ mark.collette ]

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  Stefan Zeller
                • Votes:
                  2 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: