[Trac-tickets] [The Trac Project] #2777: html processor trivially exploited to make pages completely unrenderable
The Trac Project
noreply at edgewall.com
Sat Feb 18 19:58:47 CST 2006
#2777: html processor trivially exploited to make pages completely unrenderable
--------------------------------+-------------------------------------------
Reporter: exarkun at divmod.com | Owner: jonas
Type: defect | Status: new
Priority: high | Milestone:
Component: general | Version: 0.9.4
Severity: critical | Keywords:
--------------------------------+-------------------------------------------
By adding an invalid entity inside a section of markup using the html
processor, Trac can be made to render an error page with no content and no
buttons for undoing the damage. Presumably the page will remain in this
state until an admin manually fixes the database.
An example of this is:
{{{
{{{
#!html
&junk;
}}}
}}}
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/2777>
The Trac Project <http://trac.edgewall.com/>
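
A pre-save check for the condition this ticket describes, as an added example that is not part of the original ticket or of Trac's own code: it scans wiki text for `#!html` processor blocks and reports named entities that HTML 4 does not define, so an edit like the one above can be rejected before it is stored. The function names, the sample page and the use of the HTML 4 entity table are assumptions; the ticket does not say which component rejects the entity.

```python
import re
from html.entities import name2codepoint  # HTML 4.01 named entities (assumed reference set)

# Named entity references such as &amp; or &junk;. Numeric forms (&#38;) are not matched.
ENTITY_RE = re.compile(r"&([A-Za-z][A-Za-z0-9]*);")


def html_blocks(wiki_text):
    """Yield the body of every {{{ ... }}} block whose first line is #!html.

    Each body is a list of (line_number, text). A stack tracks nesting, so a
    block quoted inside an outer {{{ }}} (as in the ticket's example) is also
    checked. That is deliberately conservative for a pre-save check.
    """
    stack = []
    for lineno, line in enumerate(wiki_text.splitlines(), 1):
        marker = line.strip()
        if marker == "{{{":
            stack.append([])
        elif marker == "}}}" and stack:
            lines = stack.pop()
            if lines and lines[0][1].strip() == "#!html":
                yield lines[1:]
        elif stack:
            stack[-1].append((lineno, line))


def undefined_entities(wiki_text):
    """Return [(line_number, entity_name)] for unknown entities in #!html blocks."""
    findings = []
    for body in html_blocks(wiki_text):
        for lineno, line in body:
            for match in ENTITY_RE.finditer(line):
                if match.group(1) not in name2codepoint:
                    findings.append((lineno, match.group(1)))
    return findings


# Constructed sample page: only the #!html block is inspected.
SAMPLE_PAGE = """\
= Demo page =
{{{
#!html
<p>Fish &amp; chips &junk; &nbsp;</p>
}}}
Plain wiki text with &junk; outside a processor block.
{{{
#!python
x = "&alsojunk;"
}}}
"""

if __name__ == "__main__":
    for lineno, name in undefined_entities(SAMPLE_PAGE):
        print(f"line {lineno}: undefined entity &{name}; in #!html block")
```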