
XSS Concern #78

Closed
Williada-lbcc opened this issue Mar 12, 2018 · 2 comments

Comments

@Williada-lbcc

Hello,

I've hit a couple of XSS issues with search result pages using the Solr Pro Farcry plugin. Escaping the 'q' variable with "encodeForHTML()" does a great job, but I was notified this morning that I hadn't found the bottom of the turtle stack and was escaping an href as well.

I don't mind digging through code, but perhaps it would expedite to ask if there is a single place we could escape the search query before it's branched off to all the code it is passed to?

Thanks for any assistance.

@seancoyne
Collaborator

seancoyne commented Mar 12, 2018 via email

@webonix

webonix commented Aug 20, 2018

/search?q=cat<%0Dscript>alert(%27XSS%27)<%0D/script>
causes alert to pop up

I currently have this, which seems to fix it:
getSuggestion()

<cfsavecontent variable="str">
	<!--- AJM <cfoutput>Did you mean <a href="#arguments.linkUrl#">#suggestion#</a>?</cfoutput> --->
	<cfoutput>Did you mean <a href="#arguments.linkUrl#">#application.stPlugins.farcrysolrpro.oCustomFunctions.xmlSafeText(suggestion)#</a>?</cfoutput>
</cfsavecontent>

Update:
Maybe this is better
<cfoutput>Did you mean <a href="#arguments.linkUrl#">#ESAPIEncode('html', suggestion)#</a>?</cfoutput>
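The two contexts this thread runs into (the suggestion as link text, and the same query inside an href) need different encoders, which is why a single encodeForHTML() on the href was not enough. The following Python example is added here and is not code from the FarCry Solr Pro plugin; it renders the "Did you mean" snippet with per-context encoding and checks that the carriage-return variant of the payload from the comment above no longer survives. `render_suggestion`, `render_suggestion_unsafe` and `contains_tag` are names chosen for this example.

```python
import html
import re
from urllib.parse import quote

# Constructed sample input: the reflected search term from this thread, with
# the literal carriage return (%0D) that slipped past a naive "<script" check.
SAMPLE_QUERY = "cat<\rscript>alert('XSS')<\r/script>"


def render_suggestion_unsafe(suggestion: str, search_path: str = "/search") -> str:
    """The 'before' shape: raw value dropped into both text and href."""
    return f'Did you mean <a href="{search_path}?q={suggestion}">{suggestion}</a>?'


def render_suggestion(suggestion: str, search_path: str = "/search") -> str:
    """Context-aware version.

    - The suggestion text lands in an HTML text node, so it is entity-encoded.
    - The same value becomes the q parameter of the href, so it is URL-encoded
      first (building a safe URL) and the whole URL is then attribute-encoded.
    """
    link_url = f"{search_path}?q={quote(suggestion, safe='')}"
    return (
        f'Did you mean <a href="{html.escape(link_url, quote=True)}">'
        f"{html.escape(suggestion, quote=True)}</a>?"
    )


def contains_tag(markup: str) -> bool:
    """Detection check: a raw '<', optional whitespace (including \\r) and
    'script' means the payload reached the markup unencoded."""
    return re.search(r"<\s*/?\s*script", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    print(render_suggestion_unsafe(SAMPLE_QUERY))  # payload intact
    print(render_suggestion(SAMPLE_QUERY))         # encoded in both contexts
```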
