[ICE-5854] Output components don't escape JavaScript - ICEsoft JIRA Issue Tracker

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.8.2-EE-GA_P01, 2.0-Beta2
Fix Version/s: 2.0.0
Component/s: Framework, ICE-Components
Labels:
None
Environment:
All

Workaround Exists:

Yes
Workaround Description:

Hide
Escape the value before passing it in:

import com.icesoft.faces.util.DOMUtils;

escaped = DOMUtils.escapeAnsi(value);

Show
Escape the value before passing it in: import com.icesoft.faces.util.DOMUtils; escaped = DOMUtils.escapeAnsi(value);

Description

The ICEfaces output component are not escaped by default which makes them vulnerable to cross site scripting attacks. The <ice:outputText> uses the escape attribute but the other output components do not (ex: <ice:selectOneMenu/>). Doing a test in a pure JSF application reveals that the JSF framework by default filters/escapes JavaScript by default.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

Hide
Case9225Example.war

29/Jun/10 2:31 PM

6.33 MB

Arran Mccullough
META-INF/MANIFEST.MF 0.1 kB

META-INF/context.xml 0.1 kB

WEB-INF/classes/.../example/TestBean.class 1.0 kB

WEB-INF/faces-config.xml 0.9 kB

WEB-INF/lib/FastInfoset.jar 285 kB

WEB-INF/lib/backport-util-concurrent.jar 319 kB

WEB-INF/lib/commons-beanutils.jar 226 kB

WEB-INF/lib/commons-collections.jar 558 kB

WEB-INF/lib/commons-digester.jar 140 kB

WEB-INF/lib/commons-discovery.jar 75 kB

WEB-INF/lib/commons-el.jar 110 kB

WEB-INF/lib/commons-fileupload.jar 56 kB

WEB-INF/lib/commons-lang.jar 240 kB

WEB-INF/lib/commons-logging.jar 52 kB

WEB-INF/lib/icefaces-comps.jar 1.96 MB

WEB-INF/lib/icefaces.jar 1.20 MB

WEB-INF/lib/jsf-api-1.2.jar 352 kB

WEB-INF/lib/jsf-impl-1.2.jar 822 kB

WEB-INF/web.xml 3 kB

display-listbox-page.jspx 1 kB

display-page.jspx 1.0 kB

index.jsp 0.1 kB

main.jspx 1 kB

page.jspx 0.9 kB

Download Zip
Show

Case9225Example.war

29/Jun/10 2:31 PM

6.33 MB

Arran Mccullough
Hide
Case9225Example2.war

29/Jun/10 2:27 PM

2.25 MB

Arran Mccullough
META-INF/MANIFEST.MF 0.1 kB

META-INF/context.xml 0.1 kB

WEB-INF/classes/.../example/TestBean.class 1.0 kB

WEB-INF/faces-config.xml 1 kB

WEB-INF/lib/commons-beanutils.jar 113 kB

WEB-INF/lib/commons-collections.jar 162 kB

WEB-INF/lib/commons-digester.jar 104 kB

WEB-INF/lib/commons-logging.jar 30 kB

WEB-INF/lib/jsf-api.jar 312 kB

WEB-INF/lib/jsf-impl.jar 1.14 MB

WEB-INF/lib/jstl.jar 20 kB

WEB-INF/lib/standard.jar 380 kB

WEB-INF/web.xml 0.8 kB

display-listbox-page.jsp 1.0 kB

display-page.jsp 0.8 kB

welcomeJSF.jsp 1 kB

Download Zip
Show

Case9225Example2.war

29/Jun/10 2:27 PM

2.25 MB

Arran Mccullough
Hide
Case9225ExampleCode.zip

29/Jun/10 2:32 PM

36 kB

Arran Mccullough
Case9225Example2/build.xml 3 kB

Case9225Example2/.../ant-deploy.xml 2 kB

Case9225Example2/.../build-impl.xml 46 kB

Case9225Example2/.../faces-config.NavData 0.3 kB

Case9225Example2/.../genfiles.properties 0.5 kB

Case9225Example2/.../private.properties 2 kB

Case9225Example2/nbproject/.../private.xml 0.2 kB

Case9225Example2/.../project.properties 2 kB

Case9225Example2/nbproject/project.xml 1 kB

Case9225Example2/src/conf/MANIFEST.MF 0.0 kB

Case9225Example2/src/.../TestBean.java 0.6 kB

Case9225Example2/.../display-listbox-page.jsp 1.0 kB

Case9225Example2/web/display-page.jsp 0.8 kB

Case9225Example2/web/.../context.xml 0.1 kB

Case9225Example2/web/.../faces-config.xml 1 kB

Case9225Example2/web/WEB-INF/web.xml 0.8 kB

Case9225Example2/web/welcomeJSF.jsp 1 kB

Case9225Example/build.xml 3 kB

Case9225Example/nbproject/ant-deploy.xml 2 kB

Case9225Example/nbproject/build-impl.xml 46 kB

Case9225Example/.../faces-config.NavData 0.7 kB

Case9225Example/.../genfiles.properties 0.5 kB

Case9225Example/.../private.properties 2 kB

Case9225Example/nbproject/.../private.xml 0.2 kB

Case9225Example/.../project.properties 2 kB

Case9225Example/nbproject/project.xml 0.9 kB

Case9225Example/src/conf/MANIFEST.MF 0.0 kB

Case9225Example/src/.../TestBean.java 0.6 kB

Case9225Example/.../display-listbox-page.jspx 1 kB

Case9225Example/web/display-page.jspx 1.0 kB

Showing 30 of 36 items Download Zip
Show

Case9225ExampleCode.zip

29/Jun/10 2:32 PM

36 kB

Arran Mccullough
Hide
showcase-additions.zip

10/Nov/10 4:43 PM

4 kB

Ted Goddard
display-listbox-page.xhtml 1 kB

display-page.xhtml 0.9 kB

main.xhtml 1 kB

page.xhtml 0.9 kB

WEB-INF/faces-config.xml 3 kB

WEB-INF/classes/.../example/TestBean.class 1.0 kB

Download Zip
Show

showcase-additions.zip

10/Nov/10 4:43 PM

4 kB

Ted Goddard

Activity

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#27216	Tue Jan 17 10:32:23 MST 2012	ted.goddard	backported output escaping from ~~ICE-5854~~ (~~ICE-7658~~)
				Files Changed
				MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/SelectManyCheckboxListRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/outputprogress/OutputProgressRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/paneltabset/PanelTabSetRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/panelcollapsible/PanelCollapsibleRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/paneldivider/PanelDividerRenderer.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/LabelRenderer.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/CommandLinkRenderer.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/MessageRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/selectinputtext/SelectInputTextRenderer.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/DOMContext.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/OutputMessageRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/outputconnectionstatus/OutputConnectionStatusRenderer.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/RadioRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/outputchart/OutputChart.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/inputrichtext/InputRichTextRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/ext/renderkit/TableRenderer.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/MenuRenderer.java MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/renderkit/dom_html_basic/TextRenderer.java MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/selectinputdate/SelectInputDateRenderer.java

Repository	Revision	Date	User	Message
ICEsoft Public SVN Repository	#23123	Mon Nov 15 14:11:37 MST 2010	ted.goddard	escaping for DOMContext.createTextNode and new DOMContext.createTextNodeUnescaped (~~ICE-5854~~)
				Files Changed
				MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/LabelRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/inputrichtext/InputRichTextRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/outputchart/OutputChart.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/selectinputdate/SelectInputDateRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/outputconnectionstatus/OutputConnectionStatusRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/selectinputtext/SelectInputTextRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/MenuRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/paneltabset/PanelTabSetRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/CommandLinkRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/outputprogress/OutputProgressRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/SelectManyCheckboxListRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/ext/renderkit/TableRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/RadioRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/MessageRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/panelcollapsible/PanelCollapsibleRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/OutputMessageRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/renderkit/dom_html_basic/TextRenderer.java MODIFY /icefaces2/trunk/icefaces/compat/core/src/main/java/com/icesoft/faces/context/DOMContext.java MODIFY /icefaces2/trunk/icefaces/compat/components/src/main/java/com/icesoft/faces/component/paneldivider/PanelDividerRenderer.java

People

Assignee:

Ted Goddard

Reporter:

Arran Mccullough

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

29/Jun/10 2:25 PM

Updated:

03/Jan/11 4:19 PM

Resolved:

15/Nov/10 3:15 PM