Solved

javascript/html injection

Posted on 2012-03-18
5
243 Views
Last Modified: 2012-03-19
we have a bookmarlet that calls an asp page,

the asp page returns html(embedded inside a javascript code)

then javascript gets execuded and the hmtl inserted into a textbox on a webform.

everything works fine if data being passed is plain text, but with html does not work.

Since this is a bookmarlet, there are no error messages.

We do tried escaping the html from the database, we replace ' single quotes and "" double/double quotes when returning the html back.

Any ideas ?
0
Comment
Question by:goodluck11
  • 3
  • 2
5 Comments
 

Author Comment

by:goodluck11
ID: 37735841
 sample code

var formContent = {
"0":"905",
"9":"",
"10":"<table border="0" cellspacing="10" cellpadding="0" width="860" bgcolor="#ffffff"> <tr> <td width="400" valign="top" align="left" style="border:none;"> <img src="http://www.imagesurl.com/frames/2011/10/25/15925462.jpg"><br/><br/> <table cellspacing="10"><tr><td><a target="_blank" href="http://www.imagesurl.info/frames/2011/10/25/15925457.jpg"><img src="http://www.imagesurl.info/frames/2011/10/25/15925469.jpg" border="0"></a></td><td><a target="_blank" href="http://www.imagesurl.info/frames/2011/10/25/15925453.jpg"><img src="http://www.imagesurl.info/frames/2011/10/25/15925459.jpg" border="0"></a>"
}

Open in new window

0
 

Author Comment

by:goodluck11
ID: 37735849
 here is the code inserting the form values


var form = document.getElementById('Form1'); 

	for (var o in formContent) 
	{
		form.elements[o].value=formContent[o];
	}

Open in new window

0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 37736080
Either put the whole HTML string inside single quotes or put the parameters within the string single quotes.

You have:

"<table border="0" cellspacing="10" ... >"

So you double quote the whole string, but you then have parameters within double quotes also.

So as the string gets parsed as you have it now, it sees

"<table border="  Then a zero, then the start of another string " cellspacing=", then the number 10 and so on.  You either need:

'<table border="0" cellspacing="10" ... >'

Or

"<table border='0' cellspacing='10' ...>"

The only other way is to find out a way to escape the double quotes that are contained within the string you want to pass.
0
 

Author Comment

by:goodluck11
ID: 37736272
Thats great thank! single quotes worked,

But didnt understand this:

> but you then have parameters within double quotes also.  -?

Outputting one or twice double quotes didn't work.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 37736978
You have the value for table border within double quotes:

--> table border="0"

And the whole string was within double quote "< ..... >"

So you basically had:

  "< table border = "0">"

You either needed:

   '< table border ="0">'

or

    "< table border ='0'>"

Or escape the quotes within the string:

    "< table border =\"0\">"

Does that make sense?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article discusses four methods for overlaying images in a container on a web page
Find out what you should include to make the best professional email signature for your organization.
In this tutorial viewers will learn how to position items using CSS's three positioning types Create a new HTML document with an internal stylesheet.: Create another div in CSS and name it Absolute : Type "position:absolute;" and "top:10px; left:50p…
In this tutorial viewers will learn how to style a corner ribbon overlay for an image using CSS Create a new class by typing ".Ribbon":  Define the class' "display:" as "inline-block": Define its "position:" as "relative": Define its "overflow:" as …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question