[Mono-bugs] [Bug 78948][Nor] New - [PATCH] HtmlTextArea.Value should be encoded, even under 1.0

bugzilla-daemon at bugzilla.ximian.com
Tue Jul 25 14:53:32 EDT 2006


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by dean at brettle.com.

http://bugzilla.ximian.com/show_bug.cgi?id=78948

--- shadow/78948	2006-07-25 14:53:32.000000000 -0400
+++ shadow/78948.tmp.16512	2006-07-25 14:53:32.000000000 -0400
@@ -0,0 +1,69 @@
+Bug#: 78948
+Product: Mono: Class Libraries
+Version: 1.1
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: Sys.Web
+AssignedTo: gonzalo at ximian.com                            
+ReportedBy: dean at brettle.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: [PATCH] HtmlTextArea.Value should be encoded, even under 1.0
+
+Description of Problem:
+
+The HtmlTextArea renders its Value property verbatim instead of
+HTML-encoding it.  This is inconsistent with ASP.NET 1.1.4322.2300 and
+opens up Mono-based sites to script injection attacks.  This bug was
+previously fixe for the 2.0 profile (see bug 78074), but seems to have been
+intentionally left in for the 1.0 profile.  I've tested the behavior of
+ASP.NET 1.1 and confirmed that it does not have this bug (i.e. it *does*
+HTML-encode the value).
+
+Steps to reproduce the problem:
+1. View the following aspx page under the 1.0 profile:
+
+<%@ language="c#" %>
+<html>
+<script runat="server">
+        void Page_Load (object sender, EventArgs e)
+        {
+                 //myTA.InnerText = "Hi there!\nCool!";
+                 myTA.Value = "<hola>something</hola>";
+        }
+</script>
+<head>
+<title>HtmlTextArea</title>
+</head>
+<body>
+<form runat="server">
+<textarea id="myTA" cols=25 rows=5 runat="server" />
+</form>
+</body>
+</html>
+
+2. View the HTML source that is rendered.
+
+Actual Results:
+
+<textarea name="myTA" id="myTA" cols="25"
+rows="5"><hola>something</hola></textarea>
+
+Expected Results:
+
+<textarea name="myTA" id="myTA" cols="25"
+rows="5">&lt;hola&gt;something&lt:/hola&gt;</textarea>
+
+How often does this happen? 
+
+Everytime.
+
+Additional Information:
+
+I'll attach the obvious patch.
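Review bot: the Expected Results block contains a typo that would make the expected output itself malformed: the closing tag is written as `&lt:/hola&gt;` (colon after `&lt`) where the encoded form should be `&lt;/hola&gt;`, matching the opening `&lt;hola&gt;` on the same line. Worth correcting before anyone uses this block as the reference output for a regression test. Since the description says the 2.0 profile was already fixed in bug 78074, the attached patch should also add a 1.0-profile test that renders a Value containing `<`, `>` and `&` and asserts on the encoded output, so the two profiles cannot drift apart again.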

