Closed Bug 560725 Opened 15 years ago Closed 15 years ago

Pasting script inside contentEditable div executes the script

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 520189

People

(Reporter: nbilogorskiy, Unassigned)

Details

(Keywords: testcase)

Attachments

(2 files)

a. Test case file with the script
(deleted), text/html
Details
b.html - test case file with the editable div
(deleted), text/html
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9 When copy-pasting html content in an editable div, script tags in the initial javascript gets executed. This can lead to XSS-like flaws, although it's not an XSS but equivalent to typing javascript: .... in the url. Reproducible: Always Steps to Reproduce: 1. open attached file a.html in firefox 2. select & copy the content of the table (the 'AAA') string (control click to select the table) 3. open attached file b.html in firefox 4. click inside the editable DIV 5. paste the content of the clipboard in b.html. ==== content of a.html: <html><body> <table border="1"> <tr><td><script>alert('hi');</script>AAA</td></tr> </table></body></html> content of b.html <html><body><div id="edit" contentEditable="true" style="border: 1px solid blue; width: 100px; height: 100px"></div> </body> </html> Actual Results: The javascript gets executed Expected Results: The javascript should not be executed
Attached file a. Test case file with the script (deleted) —
Attachment #440375 - Attachment description: Test case file with the script → a. Test case file with the script
This was reported by Soufiane Tahiri soufiane@pointcomme.net
Status: UNCONFIRMED → NEW
Component: General → Editor
Ever confirmed: true
Keywords: testcase
OS: Windows 7 → All
Product: Firefox → Core
QA Contact: general → editor
Hardware: x86 → All
Summary: Pasting script inside editable div executes the script → Pasting script inside contentEditable div executes the script
Version: unspecified → Trunk
Duplicate of bug 520189?
Whiteboard: DUPEME
Yes. Perhaps we should move this to the security group as well?
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
Whiteboard: DUPEME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: