[OO-4024] Bug in Batik breaks XSS validation - OpenOLAT Issue Management

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 12.5.22, 13.2.4
Component/s: None
Labels:
None

Funded by:
- OpenOLATPartner
- UIBK

Description

If a user enters in the rich text editor a background color with percent values like rgb(100%,10%,0), it get a red screen. this is critical for 2 reasons:

The user get a red screen
If such a value is written in a file or in the database, the output validation will produce a red screen every time an innocent user try to see the value.

Attachments

Activity

People

Assignee:: Stéphane Rossé

Reporter:: Daniel Haag

Tester:: Mandy Menzel

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/Apr/19 4:24 PM

Updated:: 25/Apr/19 9:20 AM

Resolved:: 16/Apr/19 5:35 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 5m