Zend Framework

Security issue in Zend_Dojo_View_Helper_Editor

Details

  • Type: Bug
  • Status: Resolved
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: 1.9.4
  • Fix Version/s: 1.7.9, 1.8.5, 1.9.7
  • Component/s: Zend_Dojo
  • Labels: None

Description

Hi,

Zend_Dojo_Form_Elements_Editor is generated from <textarea /> in Zend_Dojo_View_Helper_Editor and this is a security issue. This is in the Dijit documentation:
dijit._editor.RichText is the core of dijit.Editor, which provides basic WYSIWYG editing features. It also encapsulates the differences of different js engines for various browsers. Do not use this widget with an HTML <TEXTAREA> tag, since the browser unescapes XML escape characters, like <. This can have unexpected behavior and lead to security issues such as scripting attacks.

http://api.dojotoolkit.org/jsdoc/1.3.2/dijit._editor.RichText

Zend_Dojo_Form_Elements_Editor must be generated from div!
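As an added example (not Zend Framework's own code and not the patch that resolved this issue), the following PHP is a simplified stand-in for what the editor view helper emits, with the textarea form beside the div form and a regression check of the kind the fix added. The point the Dojo documentation makes: content placed inside a <textarea> is entity-decoded by the browser, so escaping it does not help once dijit._editor.RichText loads the textarea's value as HTML; inside a <div> the escaped entities remain text. The function names, the exact attributes and the sample content are this example's own assumptions.

```php
<?php
// Added example, not Zend Framework code. The helper names below are assumed
// for illustration and are not the framework's API.

function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Unsafe form: editor rendered from a <textarea>. The content is escaped,
// but the browser decodes entities inside <textarea>, so its value is raw
// markup, which dijit._editor.RichText then loads as HTML.
function renderEditorFromTextarea(string $id, string $content): string
{
    return sprintf(
        '<textarea id="%s" name="%s" dojoType="dijit.Editor">%s</textarea>',
        escapeHtml($id),
        escapeHtml($id),
        escapeHtml($content)
    );
}

// Safe form: editor rendered from a <div>. Escaped entities inside a <div>
// stay text when parsed, so RichText receives "&lt;script&gt;" as text,
// not as a <script> element.
function renderEditorFromDiv(string $id, string $content): string
{
    return sprintf(
        '<div id="%s" dojoType="dijit.Editor">%s</div>',
        escapeHtml($id),
        escapeHtml($content)
    );
}

// Regression check in the spirit of the test mentioned in the activity log:
// the rendered editor markup must not contain a <textarea> element.
function containsTextarea(string $html): bool
{
    return (bool) preg_match('/<textarea\b/i', $html);
}

// Constructed sample input: stored content that includes markup.
$content = '<script>alert(1)</script>';

$before = renderEditorFromTextarea('post_body', $content);
$after  = renderEditorFromDiv('post_body', $content);

echo "textarea form contains <textarea>: ", var_export(containsTextarea($before), true), "\n";
echo "div form contains <textarea>:      ", var_export(containsTextarea($after), true), "\n";
echo $after, "\n";
```

The check is deliberately a string match on the rendered output rather than a behavioural test, because the decoding that makes the textarea form unsafe happens in the browser, not in PHP; asserting the element is absent is the part a server-side test can verify.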

Activity

Dave Heath added a comment -

Wrote a test to check for the presence of a textarea. Changed Editor to inherit from DijitContainer.

snop3 added a comment -

Was fast, thank you

Paul Verhoeven added a comment -

Duplicate issue: http://framework.zend.com/issues/browse/ZF-6753

Matthew Weier O'Phinney added a comment -

Resolved in trunk and 1.9 release branch; backporting to 1.8 and 1.7 as well.

snop3 added a comment -

Great, thank you

Vladimir Razuvaev added a comment -

This should also fix ZF-5387
