mirrors
/
vaadin-framework
kopia lustrzana https://github.com/vaadin/framework.git
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Wydania 330 Wiki Aktywność
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16206 Commity
114 Gałęzie
Drzewo: 8aa5fabe89
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z '8aa5fabe89'
${ noResults }
vaadin-framework/documentation/advanced/advanced-security.asciidoc

advanced-security.asciidoc 2.5KB
Czysty Blame Historia

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 
  1. ---

  2. title: Common Security Issues

  3. order: 8

  4. layout: page

  5. ---

  6. 

  7. [[advanced.security]]

  8. = Common Security Issues

  9. 

  10. [[advanced.security.sanitizing]]

  11. == Sanitizing User Input to Prevent Cross-Site Scripting

  12. 

  13. You can put raw HTML content in many components, such as the [classname]#Label#

  14. and [classname]#CustomLayout#, as well as in tooltips and notifications. In such

  15. cases, you should make sure that if the content has any possibility to come from

  16. user input, you must make sure that the content is safe before displaying it.

  17. Otherwise, a malicious user can easily make a

  18. link:http://en.wikipedia.org/wiki/Cross-site_scripting[cross-site scripting

  19. attack] by injecting offensive JavaScript code in such components. See other

  20. sources for more information about cross-site scripting.

  21. 

  22. Offensive code can easily be injected with [literal]#++<script>++# markup or in

  23. tag attributes as events, such as

  24. [parameter]#onLoad#.////

  25. TODO Consider an example, Alice, Bob,

  26. etc.

  27. ////

  28. Cross-site scripting vulnerabilities are browser dependent, depending on the

  29. situations in which different browsers execute scripting markup.

  30. 

  31. Therefore, if the content created by one user is shown to other users, the

  32. content must be sanitized. There is no generic way to sanitize user input, as

  33. different applications can allow different kinds of input. Pruning (X)HTML tags

  34. out is somewhat simple, but some applications may need to allow (X)HTML content.

  35. It is therefore the responsibility of the application to sanitize the input.

  36. 

  37. Character encoding can make sanitization more difficult, as offensive tags can

  38. be encoded so that they are not recognized by a sanitizer. This can be done, for

  39. example, with HTML character entities and with variable-width encodings such as

  40. UTF-8 or various CJK encodings, by abusing multiple representations of a

  41. character. Most trivially, you could input [literal]#++<++# and [literal]#++>++#

  42. with [literal]#++&lt;++# and [literal]#++&gt;++#, respectively. The input could

  43. also be malformed and the sanitizer must be able to interpret it exactly as the

  44. browser would, and different browsers can interpret malformed HTML and

  45. variable-width character encodings differently.

  46. 

  47. Notice that the problem applies also to user input from a

  48. [classname]#RichTextArea# is transmitted as HTML from the browser to server-side

  49. and is not sanitized. As the entire purpose of the [classname]#RichTextArea#

  50. component is to allow input of formatted text, you can not just remove all HTML

  51. tags. Also many attributes, such as [parameter]#style#, should pass through the

  52. sanitization.

  53. 

  54. 

  55.