[SOURCE-25] Unknown XML Namespace in source clobbers content.

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

Type: Bug
Resolution: Unresolved
Priority: Low
Fix Version/s: 1.x-unscheduled
Affects Version/s: 1.0-m2
Labels:
- blitz-10m2

Last commented by user?:
true
Symptom Severity:
Severity 3 - Minor

Overwriting content
Use

<math href="javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(1)">CLICKME</maction> </math>

in the source

When you insert, the page content becomes this error:

Error: The XML content could not be parsed. There is a problem at line 1, column 739. Parser message: Undeclared namespace prefix "xlink" (for attribute "href") at [row,col

{unknown-source}

]: [1,739]

Petch (Inactive) added a comment - 04/Mar/2012 9:43 PM

The transform engine, when processing an error returns the error as HTML.

Can't fix the error handling in a plugin only, so will probably need to look for the error in the response in the short-term. Unfortunately error reporting is particularly poor in the transform engine.

Petch (Inactive) added a comment - 04/Mar/2012 9:43 PM The transform engine, when processing an error returns the error as HTML. Can't fix the error handling in a plugin only, so will probably need to look for the error in the response in the short-term. Unfortunately error reporting is particularly poor in the transform engine.

Assignee:: Unassigned

Reporter:: Mark Hrynczak (Inactive)

Archiver:: Monique Khairuliana (Inactive)

Participants:: Mark Hrynczak, Petch

Created:: 04/Mar/2012 9:42 PM

Updated:: 26/Aug/2016 5:02 AM

Archived:: 02/Sep/2019 3:16 AM

Last commented:: 13 years, 21 weeks ago

Details

Description

Attachments

Forms

Activity

Collapse comment: Petch (Inactive) added a comment - 04/Mar/2012 9:43 PM

Expand comment: Petch (Inactive) added a comment - 04/Mar/2012 9:43 PM

People

Dates