stackoom
  简体   繁体   中英

Need help on rich:fileUpload issue on Linux

 原文  2015-10-29 14:44:45       javascript/ jsf/ file-upload/ richfaces

Question

I'm using rich:fileUpload in my application on linux when I try to upload any file containing html code in file name ie "file<img src=xyz onerror=alert('TEST')>Name.png" , it gives me javascript alert before uploading the file. I tried it on live demo and found the same issue there as well. How can I restrict/escape execution of html/script or XSS in file name on linux?

You can try it yourself by following steps on linux.

Create a file with name "file<img src=xyz onerror=alert('TEST')>Name.png" Access rich:fileUpload demo on richfaces showcase using below url. Upload file and you will see a javascript alert.

http://showcase.richfaces.org:8000/richfaces/component-sample.jsf?demo=fileUpload&skin=blueSky

1 answers

solution1
 -1  2015-10-30 05:24:22

I try to upload any file containing html code in file name ie "fileName.png".

You are saying html code in file name, but I don't see any html in "fileName.png".

If I'm not wrong file name should be something like file<img src=x onerror=alert('Javascript')>.pdf .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Need Help in Jquery issue for Filters Need Help to solve ajax issue? Twitter Bootstrap FileUpload issue Responsive search box issue, need help please Need some help with onClick and an if/else issue need help with an odd json parsing issue need help in css ie6 issue I need help to fix a minor issue Need Javascript help Dropdown Menu onclick issue Need a little help with this iframe scrolling issue
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM