This project is read-only.

XSS issues



I used to choose the ASP.NET Wiki Control because of its simplicity. Due to its age, it has some bugs - including a XSS flaw in the main form. If you insert HTML code, it will be saved and executed when the user loads the page (e. g. an evil script, screenshots 1-3).

This could be fixed by removing all HTML tags after submitting the changes. A fix for this flaw can be seen in Screenshot 3:
Text = Regex.Replace(wmd_input.Text, "<.*?>", string.Empty)
But even if this is fixed, there are still some XSS flaws out there. One I just noticed is located in the hyperlink feature (scrennshots 4-5).
This could be fixed by HTML encoding quotation marks using the following code:
Text = Regex.Replace(wmd_input.Text, "<.*?>", string.Empty).Replace("\"", "%22")
Even if you would do this, you could also type in
to achieve a XSS execution. Unfortunately I didn't have time to build a fix for this.

file attachments