FUDforum: FUDforum 3.0+ » Javascript gets executed if importet with NNTP

Home » FUDforum Development » FUDforum 3.0+ » Javascript gets executed if importet with NNTP

Show: Today's Messages :: Polls :: Message Navigator

Javascript gets executed if importet with NNTP [message #168033]

Sun, 23 December 2012 09:41

Fladi

Messages: 19
Registered: April 2011

Karma:

Junior Member

Hi all!

We have a problem and I'm not sure if it is a bug or I just configured something wrong.

We import messages with NNTP. Now, when I post a message on the NNTP site which has some Javascript code in it

<script type="text/javascript">alert('Hello World');</script>

the message is imported into FUDforum. The code gets executed when a user opens the topic with this message. I think this should not work as it opens an easy way to XSS.
It doesn't make a diffent which settings are set for the forum (Tag-Style is set to none for the user).

Did I do something wrong or can you confirm this?

Best regards and a merry christmas Wink

Tim

Report message to a moderator

[Message index]

		Javascript gets executed if importet with NNTP By: Fladi on Sun, 23 December 2012 09:41
		Aw: Javascript gets executed if importet with NNTP By: Fladi on Sun, 23 December 2012 14:54

Previous Topic:	NNTP suggestions
Next Topic:	SQL Error

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Nov 27 22:33:02 GMT 2024

Total time taken to generate the page: 0.04785 seconds