Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31616

"Safe HTML" vulnerable to protocol-relative form action

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      With "safe html" enabled for user text entry, a form with an external action URI is scrubbed. However, is it possible to write a form having a protocol-relative action URI that could be used to leak sensitive data to an external service.

      For example, this HTML is scrubbed correctly with the form action removed:

      <form action="https://malicious.com">
      <input type="submit">
      </form>

      The form action in this example is not scrubbed and it is possible for a user to create a form that directs to an external site:

      <form action="//malicious.com">
      <input type="submit">
      </form>

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                danielbeck Daniel Beck
                Reporter:
                jec Josh Cook
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: