Author: ndkhoiits
Date: 2011-09-15 01:05:37 -0400 (Thu, 15 Sep 2011)
New Revision: 7434
Modified:
portal/branches/xss/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js
portal/branches/xss/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js
Log:
GTNPORTAL-2068 XSS in RSS reader gadget pops up many strange alerts after trying to pass an
XSS string
Modified:
portal/branches/xss/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js
===================================================================
---
portal/branches/xss/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js 2011-09-15
03:47:43 UTC (rev 7433)
+++
portal/branches/xss/gadgets/eXoGadgets/src/main/webapp/gadgets/rssAggregator/script.js 2011-09-15
05:05:37 UTC (rev 7434)
@@ -85,7 +85,7 @@
RssAggregator.prototype.renderFeed = function(feedObj) {
if(feedObj.rc != 200 && feedObj.data == undefined) {
- document.write("the url: " + feedurl + " is down or invalid");
+ document.write("the url: " + gadgets.util.escapeString(feedurl) + " is
down or invalid");
return;
}
this.feed = feedObj.data;
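Review bot: Only the two error-path messages get `gadgets.util.escapeString`; the feed content that renderFeed renders after `this.feed = feedObj.data` (outside this hunk, and around the second hunk at the "No feed found" branch) is the part a hostile feed actually controls, and I cannot confirm from here that entry titles and links are escaped the same way before they reach `document.write`. If they are not, the same `gadgets.util.escapeString(...)` wrapping belongs there as well. `feedurl` is a free variable in both hunks rather than a parameter of renderFeed, so a short comment naming where it is read from (presumably the gadget prefs) would help the next reader. renderFeed's body continues past the hunk.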
@@ -140,7 +140,7 @@
}
}
} else {
- document.write("No feed found at " + feedurl);
+ document.write("No feed found at " +
gadgets.util.escapeString(feedurl));
}
gadgets.window.adjustHeight();
}
Modified:
portal/branches/xss/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml
===================================================================
---
portal/branches/xss/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml 2011-09-15
03:47:43 UTC (rev 7433)
+++
portal/branches/xss/web/eXoResources/src/main/webapp/WEB-INF/gatein-resources.xml 2011-09-15
05:05:37 UTC (rev 7434)
@@ -132,6 +132,16 @@
<js-path>/javascript/eXo/core/DOMUtil.js</js-path>
<js-priority>1</js-priority>
</param>
+ <param>
+ <js-module>eXo.core.HTMLUtil</js-module>
+ <js-path>/javascript/eXo/core/HTMLUtil.js</js-path>
+ <js-priority>2</js-priority>
+ </param>
+ <param>
+ <js-module>eXo.core.html.HTMLEntities</js-module>
+ <js-path>/javascript/eXo/core/html/HTMLEntities.js</js-path>
+ <js-priority>1</js-priority>
+ </param>
<param>
<js-module>eXo.core.Browser</js-module>
<js-path>/javascript/eXo/core/Browser.js</js-path>
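Review bot: The new entries make eXo.core.HTMLUtil depend on eXo.core.html.HTMLEntities purely through load order (js-priority 2 versus 1): HTMLUtil.js reads `eXo.core.html.HTMLEntities` when its constructor runs, and the explicit `eXo.require` in HTMLUtil.js is commented out in this same commit, yet nothing in this file records that the two priorities must keep that relation. A comment above the HTMLUtil param such as `<!-- priority 2: must load after eXo.core.html.HTMLEntities (priority 1), which HTMLUtil reads at construction -->` would protect against a later reorder. I am assuming a lower js-priority value loads earlier; if the convention is the reverse, the ordering itself is wrong and the comment should say which way it goes.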
Modified:
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js
===================================================================
---
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js 2011-09-15
03:47:43 UTC (rev 7433)
+++
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/core/HTMLUtil.js 2011-09-15
05:05:37 UTC (rev 7434)
@@ -21,7 +21,7 @@
* @author Nguyen Ba Uoc
*/
// 4test
-if (eXo.require) eXo.require('eXo.core.html.HTMLEntities');
+//if (eXo.require) eXo.require('eXo.core.html.HTMLEntities');
function HTMLUtil() {
this.entities = eXo.core.html.HTMLEntities ;
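Review bot: Commenting out the `eXo.require` line leaves dead code under a `// 4test` marker with no record of why the dependency is no longer loaded here; replace both lines with a comment such as `// eXo.core.html.HTMLEntities is loaded before this module via gatein-resources.xml js-priority; no runtime require needed`, or delete them outright. The constructor on the next line dereferences `eXo.core.html.HTMLEntities` unconditionally, so if that load order ever breaks the failure will be a TypeError at module load rather than a clear message. The HTMLUtil function continues past the hunk.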
Modified:
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js
===================================================================
---
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js 2011-09-15
03:47:43 UTC (rev 7433)
+++
portal/branches/xss/web/eXoResources/src/main/webapp/javascript/eXo/portal/PortalHttpRequest.js 2011-09-15
05:05:37 UTC (rev 7434)
@@ -61,6 +61,7 @@
* which is itself placed inside an array to provide an OO view of the
* AJAX response
*/
+
function PortletResponse(responseDiv) {
var DOMUtil = eXo.core.DOMUtil ;
var div = eXo.core.DOMUtil.getChildrenByTagName(responseDiv, "div") ;
@@ -125,7 +126,7 @@
this.blocksToUpdate[j] = obj ;
/*
- * handle embeded javascripts to dynamically add them to the page head
+ * handle embedded javascripts to dynamically add them to the page head
*
* This is needed when we refresh an entire portal page that contains some
* standard JSR 168 / 286 portlets with embeded <script> tag
@@ -406,6 +407,8 @@
instance.executeScript = function(script) {
if(script == null || script == "") return ;
try {
+ var HTMLUtil = eXo.core.HTMLUtil;
+ script = HTMLUtil.entitiesDecode(script);
eval(script) ;
return;
} catch(err) {
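Review bot: `HTMLUtil.entitiesDecode(script)` is applied to the whole script body before `eval`, so any legitimate embedded script whose source text contains an entity sequence (`&amp;` or `&lt;` inside a string literal, say) now evaluates with different text; the two added lines deserve a comment stating which producer entity-encodes the embedded `<script>` content and why undoing that encoding wholesale is correct here. The decode also means entity encoding on the transport no longer limits what reaches `eval` — the only thing keeping this safe is that `script` originates from the server-side portlet response, and where `script` comes from is not visible in this hunk, so that assumption should be written down next to the decode. Whether `eXo.core.HTMLUtil` is an instance exposing `entitiesDecode` is not visible here either; if the module is absent the call throws into the `catch` branch, whose handling lies outside the hunk. instance.executeScript continues past the hunk.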
@@ -421,7 +424,7 @@
}
}
} ;
-
+
instance.updateHtmlHead = function(response) {
if (!response) return;
cleanHtmlHead(response);