[SECURITY] t3lib_div::quoteJSvalue allows XSS
author    Helmut Hummel <helmut.hummel@typo3.org>
          Wed, 15 Aug 2012 10:18:14 +0000 (12:18 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
          Wed, 15 Aug 2012 10:18:17 +0000 (12:18 +0200)
commit    4c8c0fdd6498c88a6de0e1250c10710fcbc82b4e
tree      a5c4cff3b73c66f3c9782e79652fd5c800d2eb9a
parent    d53a5909f42a91a12033d3f3e52fee6a9e840a2c
[SECURITY] t3lib_div::quoteJSvalue allows XSS

When t3lib_div::quoteJSvalue() was used with the second
parameter set to TRUE, closing HTML script tags were
not escaped correctly.

Now every character except harmless ones is encoded
to a hex representation.

Change-Id: I98d752ca13abb8655eb1fc06c003d9228c61b952
Releases: 6.0, 4.7, 4.6, 4.5
Fixes: #23226
Security-Commit: 5df5647a9ed543de5451f4ab4baa6767218d89db
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13745
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_div.php
t3lib/codec/class.t3lib_codec_javascriptencoder.php [new file with mode: 0644]
t3lib/core_autoload.php
tests/t3lib/class.t3lib_divTest.php
tests/t3lib/codec/t3lib_codec_javascriptencoderTest.php [new file with mode: 0644]
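As an added example (written in JavaScript, not TYPO3's PHP code from this commit), the two behaviours the message contrasts: a quoting that escapes only quotes and backslashes lets `</script>` reach the HTML parser intact, while hex-encoding every character outside a small immune set does not. The immune set (alphanumerics, underscore, comma, period, hyphen), the function names and the sample input are assumptions of this example.

```javascript
// Naive quoting, standing in for the class of bug described (not TYPO3's
// exact previous code): only quotes and backslashes are escaped, so a
// "</script>" inside the value ends the enclosing script block early.
function quoteJsValueNaive(value) {
  const escaped = String(value).replace(/[\\']/g, (c) => '\\' + c);
  return "'" + escaped + "'";
}

// Hardened variant following the fix's strategy: characters in an assumed
// immune set pass through, everything else becomes \xHH (code < 0x100)
// or \uHHHH (per UTF-16 unit, so surrogate pairs are handled naturally).
const IMMUNE = /[A-Za-z0-9_,.\-]/;

function encodeForJs(value) {
  const str = String(value);
  let out = '';
  for (let i = 0; i < str.length; i++) {
    const ch = str[i];
    const code = str.charCodeAt(i);
    if (IMMUNE.test(ch)) {
      out += ch;
    } else if (code < 0x100) {
      out += '\\x' + code.toString(16).toUpperCase().padStart(2, '0');
    } else {
      out += '\\u' + code.toString(16).toUpperCase().padStart(4, '0');
    }
  }
  return out;
}

function quoteJsValueSafe(value) {
  return "'" + encodeForJs(value) + "'";
}

// Defender's check for an inline-script context: the literal must carry no
// character the HTML parser could act on (< > / & " or line breaks) and
// must still evaluate back to the original string.
function literalIsSafe(literal, original) {
  if (/[<>\/&"\n\r]/.test(literal)) return false;
  return new Function('return ' + literal + ';')() === original;
}

// Constructed sample value, not taken from the commit or its bulletin.
const sample = "it's </script><b>x</b>";
console.log(quoteJsValueNaive(sample)); // '</script>' survives unchanged
console.log(quoteJsValueSafe(sample));  // '\x3C\x2Fscript\x3E' etc.
```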