Bug 107925 - Persistent XSS - snippet [CWE-79]

Issue: Shortcut key “q”, which triggers showing the mail contents in the tooltip, is not XSS-safe and sets the content without encoding.

Changeset:
* ZmMailListController.js: HTML-encoding the mail fragment before setting it in the UI.
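Added example, not Zimbra's code: a reduced model of the tooltip path the commit message describes, with the unencoded "before" beside the encoded "after", run on a constructed hostile mail fragment. `AjxStringUtil.htmlEncode`, `ZmMsg.fragmentIsEmpty` and the list view's `setToolTipContent` are Zimbra's and are not reproduced here; the `htmlEncode` function, the `FakeToolTip` sink and the fallback string are stand-ins assumed for this example so it runs under Node without a DOM.

```javascript
// Added example (not Zimbra's code). Models why a mail fragment must be
// HTML-encoded exactly once, at the point where it becomes tooltip HTML.
// htmlEncode, FakeToolTip and the fallback string are stand-ins (assumptions)
// for AjxStringUtil.htmlEncode, DwtListView.setToolTipContent and
// ZmMsg.fragmentIsEmpty, which are not reproduced here.

// Stand-in for AjxStringUtil.htmlEncode: escape the five characters that can
// change HTML structure or break out of an attribute value. '&' goes first so
// the entities produced by the other replacements are not re-encoded.
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Minimal stand-in for the tooltip: records the string that, in the browser,
// would be assigned to innerHTML. That assignment is where markup executes.
class FakeToolTip {
  constructor() { this.html = ""; }
  setContent(html) { this.html = html; }
}

// Stand-in for ZmMsg.fragmentIsEmpty (a localized UI string).
const FRAGMENT_IS_EMPTY = "(No content)";

// "Before", as the commit message describes it: the fragment goes in verbatim.
function setToolTipUnsafe(tip, item) {
  const frag = item.fragment ? item.fragment : FRAGMENT_IS_EMPTY;
  if (frag !== "") tip.setContent(frag);
  return tip.html;
}

// "After": encode first, so the fragment renders as text rather than markup.
// The fallback string is encoded too, so it must not rely on markup to render.
function setToolTipSafe(tip, item) {
  let frag = item.fragment ? item.fragment : FRAGMENT_IS_EMPTY;
  if (frag !== "") {
    frag = htmlEncode(frag);
    tip.setContent(frag);
  }
  return tip.html;
}

// Crude visibility check: does the string still contain something a browser
// would parse as an element start tag? Encoded output has no '<' left.
function containsTag(html) {
  return /<[a-zA-Z][^>]*>/.test(html);
}

// Constructed sample: an attacker-controlled message whose preview fragment
// carries an image tag with an event handler (classic stored XSS payload).
const hostileItem = {
  fragment: 'Invoice attached <img src=x onerror="alert(document.cookie)">'
};

const unsafeHtml = setToolTipUnsafe(new FakeToolTip(), hostileItem);
const safeHtml = setToolTipSafe(new FakeToolTip(), hostileItem);
console.log("unsafe:", unsafeHtml, "-> tag present:", containsTag(unsafeHtml));
console.log("safe:  ", safeHtml, "-> tag present:", containsTag(safeHtml));
```

The encode belongs at the boundary where the string is handed to an HTML sink, and only there: encoding earlier (for example when the fragment is stored) and again at the sink produces visible `&amp;lt;` debris, while encoding nowhere leaves the tag intact for the browser to execute.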
Tarang Khandelwal authored and tarangkhandelwal committed Jun 15, 2017
1 parent b0c36d3 commit 8c646be0322c0ab6858652c184133b924b915d68
Showing with 4 additions and 1 deletion.
  1. +4 −1 WebRoot/js/zimbraMail/mail/controller/ZmMailListController.js
@@ -386,7 +386,10 @@ function(actionCode, ev) {
frag = item.invite ? item.invite.getToolTip() : this.getMsg().invite.getToolTip();
} else {
frag = item.fragment ? item.fragment : ZmMsg.fragmentIsEmpty;
if (frag != "") { lv.setToolTipContent(AjxStringUtil.htmlEncode(frag), true); }
if (frag != "") {
frag = AjxStringUtil.htmlEncode(frag);
lv.setToolTipContent(frag, true);
}
}
var tooltip = this._shell.getToolTip();
tooltip.popdown();
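Review bot: the deleted line (`if (frag != "") { lv.setToolTipContent(AjxStringUtil.htmlEncode(frag), true); }`) already passes `frag` through `AjxStringUtil.htmlEncode`, so the visible hunk only splits that one-liner into an `if` block containing the same two calls; it does not show an unencoded `setToolTipContent` being removed, which is what the commit message describes. Either the base revision differs from what is rendered here or the actual encode landed in an earlier commit; that should be confirmed before the bug is closed against this change. Two smaller points on the same hunk: `ZmMsg.fragmentIsEmpty` is now encoded along with real fragments, which is the right default but means that localized string must not rely on markup to render; and the `invite` branch above assigns `frag` from `getToolTip()` with no visible encode, so whatever consumes `frag` on that path outside this hunk should get the same HTML-context handling if it renders as HTML.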
