Uploaded image for project: 'Confluence Source Editor Plugin'
  1. Confluence Source Editor Plugin
  2. SOURCE-25

Unknown XML Namespace in source clobbers content.

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • true
    • Severity 3 - Minor

      Overwriting content
      Use

      <math href="javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:alert(1)">CLICKME</maction> </math>

      in the source

      When you insert, the page content becomes this error:

      Error: The XML content could not be parsed. There is a problem at line 1, column 739. Parser message: Undeclared namespace prefix "xlink" (for attribute "href") at [row,col

      {unknown-source}

      ]: [1,739]

            [SOURCE-25] Unknown XML Namespace in source clobbers content.

            jonah (Inactive) made changes -
            Symptom Severity New: Minor [ 14432 ]
            Petch (Inactive) made changes -
            Assignee Original: Petch [ cpetchell ]
            Anatoli Kazatchkov [Administrative Account] made changes -
            Workflow Original: Confluence Bug Workflow [ 373803 ] New: New Confluence Default Workflow [ 466556 ]
            Petch (Inactive) made changes -
            Fix Version/s New: 1.x-unscheduled [ 25290 ]
            Fix Version/s Original: 1.0-beta2 [ 25291 ]
            Petch (Inactive) made changes -
            Status Original: New [ 10034 ] New: Open [ 1 ]
            Petch (Inactive) made changes -
            Security Original: Developers and Reporter Only [ 10040 ]
            Petch (Inactive) made changes -
            Fix Version/s New: 1.0-beta2 [ 25291 ]

            Petch (Inactive) added a comment -

            The transform engine, when processing an error returns the error as HTML.

            Can't fix the error handling in a plugin only, so will probably need to look for the error in the response in the short-term. Unfortunately error reporting is particularly poor in the transform engine.

            Petch (Inactive) added a comment - The transform engine, when processing an error returns the error as HTML. Can't fix the error handling in a plugin only, so will probably need to look for the error in the response in the short-term. Unfortunately error reporting is particularly poor in the transform engine.
            Mark Hrynczak (Inactive) created issue -

              Unassigned Unassigned
              mhrynczak Mark Hrynczak (Inactive)
              Archiver:
              mkhairuliana Monique Khairuliana (Inactive)

                Created:
                Updated:
                Archived:
                13 years, 23 weeks, 1 day ago