Opened 10 years ago

Last modified 10 years ago

#23544 closed Bug

Escape backtick — at Version 1

Reported by: djbug Owned by: nobody
Component: Uncategorized Version: dev
Severity: Normal Keywords: xss
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by djbug)

IE8 can suffer from XSS if the backtick is left unescaped, as it can be used to switch out of the attribute. It should be added to django.utils.html.escape() if this is a serious security issue.

Source & related discussions:

  1. Paper by Mario Heiderich: https://cure53.de/fp170.pdf
  2. https://html5sec.org/#102
  3. http://lcamtuf.coredump.cx/postxss/
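
The point of the report, as an added illustration (not the reporter's code and not Django's implementation): a minimal escaper in the style of django.utils.html.escape(), which replaces the five characters &, <, >, " and ', placed beside a variant that also rewrites the backtick as the numeric reference &#96;. The attribute template, the helper names and the payload are constructed here for the example; the payload deliberately contains none of the five classic characters, so the classic escaper returns it untouched and only the backticks remain for an old IE attribute parser to act on.

```python
# Added example for this ticket, not Django's own code: a minimal escape()
# in the style of django.utils.html.escape() beside a variant that also
# converts the backtick to a character reference. The attribute template,
# helper names and payload below are constructed for illustration.

# The five characters a classic HTML escaper replaces. '&' must go first so
# the ampersands introduced by later replacements are not escaped again.
_CLASSIC = [
    ("&", "&amp;"),
    ("<", "&lt;"),
    (">", "&gt;"),
    ('"', "&quot;"),
    ("'", "&#39;"),
]

# The same table extended with the backtick, which the ticket reports IE8
# can use to switch out of an attribute value.
_WITH_BACKTICK = _CLASSIC + [("`", "&#96;")]


def _apply(table, text):
    """Apply the replacement table in order to a string."""
    for raw, ref in table:
        text = text.replace(raw, ref)
    return text


def escape_classic(text):
    """Escape &, <, >, \" and ' only; the backtick passes through."""
    return _apply(_CLASSIC, str(text))


def escape_with_backtick(text):
    """Like escape_classic() but also rewrites ` as &#96;."""
    return _apply(_WITH_BACKTICK, str(text))


def render_alt(value, escaper):
    """Place an attacker-influenced value into a double-quoted alt attribute."""
    return '<img src="x" alt="%s">' % escaper(value)


# Constructed payload: no <, >, quotes or & at all, so the classic escaper
# returns it unchanged; only the backticks give an old IE parser a foothold.
PAYLOAD = "``onmouseover=alert(1)"


def backtick_survives(escaper, value=PAYLOAD):
    """True if the escaper leaves a raw backtick in the rendered markup."""
    return "`" in render_alt(value, escaper)


if __name__ == "__main__":
    for name, fn in (("classic", escape_classic),
                     ("with backtick", escape_with_backtick)):
        print("%-14s %s" % (name, render_alt(PAYLOAD, fn)))
    # classic        <img src="x" alt="``onmouseover=alert(1)">
    # with backtick  <img src="x" alt="&#96;&#96;onmouseover=alert(1)">
```

Whether a project adopts the extra replacement is the question the ticket raises; the example only shows that the classic five-character table gives no protection against a backtick-only payload, while adding one row to the table removes the raw backtick from the attribute value.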

Change History (1)

comment:1 by djbug, 10 years ago

Description: modified (diff)