Fix XSS in extension
This extension did not escape its user-supplied input for the meta property tags

Example: {{#seo:article:publisher=foo"><script>alert('XSS')</script> <b f="}}

This sort of vulnerability could be leveraged to take over other users' accounts
and do other evil things.
bawolff committed Oct 21, 2015
1 parent b8a947e commit 089a579
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions WikiSEO.body.php
Expand Up @@ -270,7 +270,7 @@ public static function modifyHTML ( $out ) {
if ($name == 'description') {
$out->addMeta( $name, $content );
$out->addMeta( "twitter:description", $content );
$out->addHeadItem("og:description", "<meta property=\"og:description\" content=\"$content\" />" . "\n");
$out->addHeadItem("og:description", Html::element( 'meta', array( 'property' => 'og:description', 'content' => $content ) ) . "\n");
}
else {
$out->addMeta( $name, $content );
Expand All @@ -281,7 +281,7 @@ public static function modifyHTML ( $out ) {
//set property tags
if(!empty(self::$property)){
foreach(self::$property as $property => $content){
$out->addHeadItem("$property", "<meta property=\"$property\" content=\"$content\" />" . "\n");
$out->addHeadItem("$property", Html::element( 'meta', array( 'property' => $property, 'content' => $content ) ) . "\n");
}
}

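Review bot: The `property` attribute name in the second hunk is still taken verbatim from the keys of `self::$property` with no check against the set of property names the extension intends to emit; Html::element now escapes it so it can no longer break out of the attribute, but the same key is also passed unescaped as the addHeadItem name, and a short allow-list check before the loop (or at the point where `self::$property` is populated, outside this hunk) would make the output contract explicit rather than relying on escaping alone. A why-comment above each rewritten call, e.g. `// Html::element escapes attribute values; never interpolate $content into raw markup here`, would keep a later edit from reintroducing the string-built tag. The neighbouring `addMeta()` calls in the first hunk presumably escape via OutputPage, but that is not visible here and is worth confirming. modifyHTML starts and ends outside both hunks.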
