[typo] XSS vulnerability?

gpshewan gpsnospam at gmail.com
Sat Nov 26 11:53:55 EST 2005


Is this what you're after, Scott?

$ rake
/usr/bin/ruby1.8 -Ilib:test "/usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb" "test/unit/article_test.rb" "test/unit/blacklist_pattern_test.rb" "test/unit/category_test.rb" "test/unit/comment_test.rb" "test/unit/configuration_test.rb" "test/unit/delicious_test.rb" "test/unit/flickr_test.rb" "test/unit/fortythree_test.rb" "test/unit/page_cache_test.rb" "test/unit/page_test.rb" "test/unit/ping_test.rb" "test/unit/resource_test.rb" "test/unit/setting_test.rb" "test/unit/sidebar_test.rb" "test/unit/theme_test.rb" "test/unit/trackback_test.rb" "test/unit/user_test.rb" "test/unit/audioscrobbler_test.rb" "test/unit/observer_test.rb" "test/unit/tag_test.rb" "test/unit/text_filter_test.rb"
/usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:18:in `require__': no such file to load -- http_mock (MissingSourceFile)
        from /usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:18:in `require'
        from /usr/lib/ruby/gems/1.8/gems/activesupport-1.2.3/lib/active_support/dependencies.rb:214:in `require'
        from ./test/unit/article_test.rb:3
        from /usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5:in `load'
        from /usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5
        from /usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5:in `each'
        from /usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5
/usr/bin/ruby1.8 -Ilib:test "/usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb" "test/functional/accounts_controller_test.rb" "test/functional/articles_controller_test.rb" "test/functional/backend_controller_test.rb" "test/functional/theme_controller_test.rb" "test/functional/xml_controller_test.rb" "test/functional/textfilter_controller_test.rb" "test/functional/admin/blacklist_controller_test.rb" "test/functional/admin/categories_controller_test.rb" "test/functional/admin/comments_controller_test.rb" "test/functional/admin/content_controller_test.rb" "test/functional/admin/general_controller_test.rb" "test/functional/admin/themes_controller_test.rb" "test/functional/admin/trackbacks_controller_test.rb" "test/functional/admin/users_controller_test.rb" "test/functional/admin/article_preview_test.rb" "test/functional/admin/pages_controller_test.rb" "test/functional/admin/resources_controller_test.rb"
/usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:18:in `require__': no such file to load -- dns_mock (MissingSourceFile)
        from /usr/local/lib/site_ruby/1.8/rubygems/custom_require.rb:18:in `require'
        from /usr/lib/ruby/gems/1.8/gems/activesupport-1.2.3/lib/active_support/dependencies.rb:214:in `require'
        from ./test/functional/articles_controller_test.rb:3
        from /usr/lib/ruby/gems/1.8/gems/activesupport-1.2.3/lib/active_support/dependencies.rb:207:in `load'
        from /usr/lib/ruby/gems/1.8/gems/activesupport-1.2.3/lib/active_support/dependencies.rb:207:in `load'
        from /usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5
        from /usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5:in `each'
        from /usr/lib/ruby/gems/1.8/gems/rake-0.6.2/lib/rake/rake_test_loader.rb:5
rake aborted!
Test failures



On 26 Nov 2005, at 16:45, Scott Laird wrote:

> Argh!  It's supposed to be filtered.  What happens when you run
> 'rake'?  There are several XSS-related tests, do any tests fail?
>
>
> Scott
>
> On Nov 26, 2005, at 8:28 AM, gpshewan wrote:
>
>> Not being a javascript expert, how much of a concern is Ticket #551
>> that nikanorov just submitted?
>>
>>> Why when I add comment like ---comment---- <script> alert ("Typo
>>> sucks"); </script> ---comment----
>>>
>>> it works? Are you kidding?
>> And he's right ... it does.
>>
>> Gary
>> _______________________________________________
>> Typo-list mailing list
>> Typo-list at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/typo-list
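As an added example, not Typo's own filter and not code from anyone in this thread: an allowlist sanitizer of the kind the reply says is supposed to sit in front of comment bodies, run against the comment quoted from the ticket. The tag and attribute policy and all function names are hypothetical.

```ruby
# Added example, not Typo's code: an allowlist sanitizer for comment bodies.
# Everything that is not an allowed tag is escaped to text, so a submitted
# <script> element is displayed, never executed.
require 'cgi'

ALLOWED_TAGS  = %w[a b i em strong p br code pre blockquote].freeze  # hypothetical policy
ALLOWED_ATTRS = { 'a' => %w[href title] }.freeze

# Rebuild an allowed tag, keeping only allowlisted attributes and dropping
# href values that would run script (javascript: URLs, even with whitespace
# or control characters spliced into the scheme).
def rebuild_tag(closing, name, attrs)
  return "</#{name}>" unless closing.empty?
  kept = attrs.scan(/([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/).map do |attr, dq, sq, bare|
    attr  = attr.downcase
    value = dq || sq || bare
    next unless (ALLOWED_ATTRS[name] || []).include?(attr)
    next if attr == 'href' && value.gsub(/[[:space:][:cntrl:]]/, '') =~ /\Ajavascript:/i
    %( #{attr}="#{CGI.escapeHTML(value)}")
  end.compact.join
  "<#{name}#{kept}>"
end

# Tokenize into tags and text: allowed tags are rebuilt, everything else
# (text, a stray '<', and disallowed tags such as <script>) is HTML-escaped.
def sanitize_comment(html)
  out = ''
  html.scan(%r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^<>]*)>|[^<]+|<}) do |closing, name, attrs|
    token = $&
    if name && ALLOWED_TAGS.include?(name.downcase)
      out << rebuild_tag(closing, name.downcase, attrs)
    else
      out << CGI.escapeHTML(token)
    end
  end
  out
end

if __FILE__ == $0
  # Constructed input: the comment body from the ticket quoted in the thread.
  puts sanitize_comment('---comment---- <script> alert ("Typo sucks"); </script> ---comment----')
end
```

A unit test asserting that the ticket's comment comes back with no `<script` in it is the kind of check the thread is asking `rake` to run.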