Difference between revisions of "MediaWiki"
From Nick Jenkins
m |
m |
||
| Line 1: | Line 1: | ||
Various MediaWiki 1.6.1 parser tests, that fail HTML validation: | Various MediaWiki 1.6.1 parser tests, that fail HTML validation: | ||
| − | * [ | + | * [[:MediaZilla:5066|MediaWiki bug report]]. |
| Line 186: | Line 186: | ||
<sup>1</sup>: For the above table, "security aspect" is defined as anything that causes the start of a tag to be missing, or the end to be missing, or attributes of any type that should not be there to be injected. For example: | <sup>1</sup>: For the above table, "security aspect" is defined as anything that causes the start of a tag to be missing, or the end to be missing, or attributes of any type that should not be there to be injected. For example: | ||
* ''<p><td><s></p>'' would '''not''' be considered to have a security aspect because all the tags are appearing ok (are not malformed), although it is invalid HTML. | * ''<p><td><s></p>'' would '''not''' be considered to have a security aspect because all the tags are appearing ok (are not malformed), although it is invalid HTML. | ||
| − | * ''<a href="http://as<td></td><td class="external free"><p>user text here'' would be considered to have a security aspect because the "href" string is not properly terminated, and so the "external free" part is injected as attributes. | + | * ''<nowiki><a href="http://as<td></td><td class="external free"><p>user text here</nowiki>'' would be considered to have a security aspect because the "href" string is not properly terminated, and so the "external free" part is injected as attributes. |
* A string missing the start of a tag would also be considered to have a security aspect - e.g. ''<nowiki><th>|||||" class="external free" title="https://||||||" rel="nofollow">https://</th></nowiki>'' - because the ''<a href="xxx'' part has been cut off. Probably not exploitable - but certainly a worse category of bug than just getting tags in the wrong order. | * A string missing the start of a tag would also be considered to have a security aspect - e.g. ''<nowiki><th>|||||" class="external free" title="https://||||||" rel="nofollow">https://</th></nowiki>'' - because the ''<a href="xxx'' part has been cut off. Probably not exploitable - but certainly a worse category of bug than just getting tags in the wrong order. | ||
So to sum up: if tags are just in the wrong order, but are otherwise complete and well-formed, then it is not a security issue; otherwise it is considered to potentially be, and is listed as "Yes" in the above table. | So to sum up: if tags are just in the wrong order, but are otherwise complete and well-formed, then it is not a security issue; otherwise it is considered to potentially be, and is listed as "Yes" in the above table. | ||
Revision as of 06:50, 7 April 2006
Various MediaWiki 1.6.1 parser tests, that fail HTML validation:
1: For the above table, "security aspect" is defined as anything that causes the start of a tag to be missing, or the end to be missing, or attributes of any type that should not be there to be injected. For example:
- <p><td><s></p> would not be considered to have a security aspect because all the tags are appearing ok (are not malformed), although it is invalid HTML.
- <a href="http://as<td></td><td class="external free"><p>user text here would be considered to have a security aspect because the "href" string is not properly terminated, and so the "external free" part is injected as attributes.
- A string missing the start of a tag would also be considered to have a security aspect - e.g. <th>|||||" class="external free" title="https://||||||" rel="nofollow">https://</th> - because the <a href="xxx part has been cut off. Probably not exploitable - but certainly a worse category of bug than just getting tags in the wrong order.
So to sum up: if tags are just in the wrong order, but are otherwise complete and well-formed, then it is not a security issue; otherwise it is considered to potentially be, and is listed as "Yes" in the above table.
