Details
Bug
Resolution: Unresolved
Neutral
Description
The default Magnolia Solr search does not sanitize user input. We could do interesting things with search terms like
...?queryStr=%3Ca+href%3D%22lol+was+geht%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22irgendwas%22+onerror%3D%22window.location%3D%27https%3A%2F%2Fgoogle.de%3Fq%3Dxss%27%22%3E#%22%3E%20spielplatz%20%3C/a%3E
or showing an image and trying to link something in the suggestions ("Vorschläge"):
...?queryStr=%3Ca+href%3D%22www.google.de%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22https%3A%2F%2Fwww.genobroker-info.de%2Fdam%2Fjcr%3Aa7a45853-1c0e-4327-8639-8cc257b4a80d%2F321_Raiffeisen%2520Aulendorf%2520Logo%25204c1sp.png%22
We tried to sanitize the input by using the following code in the search model:
import org.apache.commons.lang3.StringEscapeUtils; // escapeHtml4 also exists in org.apache.commons.text

@Override
public String getQueryStr() {
    // Take the raw term from the parent search model and HTML-escape it
    // (&, <, >, " become entities; note escapeHtml4 leaves ' untouched)
    String queryString = super.getQueryStr();
    String sanitizedQueryString = StringEscapeUtils.escapeHtml4(queryString);
    return sanitizedQueryString;
}
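Added demonstration, not code from the ticket or from Magnolia: it decodes the two queryStr payloads above the way the servlet container would, runs them through the same escapeHtml4 call as the attempted fix, and sketches a hypothetical SearchTerm shape that keeps the raw term for Solr while exposing an escaped copy for the template. The class and method names (QueryStrEscapeDemo, SearchTerm, forSolr, forHtml, containsHtmlMetachars) are assumptions for the example; only StringEscapeUtils.escapeHtml4 is taken from the ticket.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import org.apache.commons.lang3.StringEscapeUtils; // commons-lang3; also in org.apache.commons.text

/**
 * Example added to the ticket, not Magnolia code: shows what escapeHtml4 does to the
 * reported queryStr payloads and why escaping belongs at the rendering side.
 */
public class QueryStrEscapeDemo {

    // The two queryStr values from the ticket URLs, still URL-encoded as the browser sends them.
    static final String PAYLOAD_ONERROR =
        "%3Ca+href%3D%22lol+was+geht%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22irgendwas%22"
        + "+onerror%3D%22window.location%3D%27https%3A%2F%2Fgoogle.de%3Fq%3Dxss%27%22%3E";
    static final String PAYLOAD_IMG =
        "%3Ca+href%3D%22www.google.de%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22https%3A%2F%2F"
        + "www.genobroker-info.de%2Fdam%2Fjcr%3Aa7a45853-1c0e-4327-8639-8cc257b4a80d%2F321_Raiffeisen"
        + "%2520Aulendorf%2520Logo%25204c1sp.png%22";

    /** What request.getParameter("queryStr") hands to the model: the decoded markup. */
    static String decodeParam(String raw) {
        return URLDecoder.decode(raw, StandardCharsets.UTF_8);
    }

    /** The ticket's proposed fix as a plain function: HTML-escape the whole term. */
    static String escapeForHtml(String decoded) {
        return StringEscapeUtils.escapeHtml4(decoded);
    }

    /** True if the string still carries a character that can open a tag or close a double-quoted attribute. */
    static boolean containsHtmlMetachars(String s) {
        return s.indexOf('<') >= 0 || s.indexOf('>') >= 0 || s.indexOf('"') >= 0;
    }

    /**
     * Hypothetical shape (not Magnolia's API): keep the raw term for the Solr query and
     * expose the escaped form only to the template, so escaping in one getter does not
     * also change what is searched for.
     */
    static final class SearchTerm {
        private final String raw;
        SearchTerm(String raw) { this.raw = raw; }
        String forSolr() { return raw; }                 // Solr must see the real characters
        String forHtml() { return escapeForHtml(raw); }  // only this value may be printed into HTML
    }

    public static void main(String[] args) {
        for (String payload : new String[] { PAYLOAD_ONERROR, PAYLOAD_IMG }) {
            SearchTerm term = new SearchTerm(decodeParam(payload));
            System.out.println("decoded : " + term.forSolr());
            System.out.println("escaped : " + term.forHtml());
            System.out.println("raw has markup: " + containsHtmlMetachars(term.forSolr())
                + ", escaped has markup: " + containsHtmlMetachars(term.forHtml()));
        }
    }
}
```

Two caveats a reviewer of the attempted fix would raise. First, escapeHtml4 is only the right encoding for HTML text and double-quoted attribute values; it does not touch the single quote, and it is the wrong tool for a term that lands inside a JavaScript string, a URL, or a single-quoted attribute. Second, if the same getQueryStr() value is used both to build the Solr query and to print the term (and the suggestions) in the template, escaping it in the model means Solr is queried for "&lt;a href=..." rather than what the user typed; escaping at the template output, for every place the term is echoed, keeps the search correct and the page safe.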