Javascript in wiki page executed by {index}

XMLWordPrintable

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Medium
    • None
    • Affects Version/s: 2.2.9
    • Component/s: None
    • Environment:

      Standalone, JDK 1.5, Windows, IE6

      Arbitrary Javascript placed on a wiki page is executed if it is in the "blurb" included in the

      {index} macro.

      Example:
      page 1 contents:{index}

      page 2 (within same space as page 1) contents:
      <script>
      alert("We have a problem...");
      </script>

      Go to page 1. The index, including a brief summary of page 2, should appear. An alert window will pop up. In fact, any HTML will be rendered, so this may lead to additional problems I have not investigated

            Assignee:
            Unassigned
            Reporter:
            David Koppelman
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: