Website pops up javascript alert() from the documentation!

by gothick » Mon Feb 14, 2011 9:37 pm

Just noticed on visiting http://www.symfony-project.org/api/1_4/ ... BaseHelper that it pops up a JavaScript alert on page load, which seems to be being generated directly from the code comments! Is this a good place to mention that so the right people can take a look at the comment or the doc generator?

(Presumably this means you could do an XSS attack on symfony-project.org by changing the comments in a function, though presumably that's quite a remote danger!)

Cheers,

Matt
gothick
Junior Member
 
Posts: 3
Joined: Thu Jan 13, 2011 2:21 pm

Re: Website pops up javascript alert() from the documentatio

by halfer » Wed Mar 16, 2011 11:22 pm

Hmm, that is odd. Looks like the page parser has borked.

I'll ping Fabien and ask him to fix.
halfer
Faithful Member
 
Posts: 10148
Joined: Mon Jan 30, 2006 1:16 pm
Location: West Midlands, UK

Re: Website pops up javascript alert() from the documentatio

by halfer » Wed Mar 16, 2011 11:55 pm

Fabien got back to me already, and is aware of it. Problem with the Markdown parser, apparently - annoying, but thankfully not a security risk.

Thanks for the report though, it is always best to be safe :)
halfer
Faithful Member
 
Posts: 10148
Joined: Mon Jan 30, 2006 1:16 pm
Location: West Midlands, UK

Re: Website pops up javascript alert() from the documentatio

by gothick » Thu Mar 17, 2011 12:34 am

No problem! Once I'd worked out what was going on, it was more funny than worrying :)
gothick
Junior Member
 
Posts: 3
Joined: Thu Jan 13, 2011 2:21 pm

Re: Website pops up javascript alert() from the documentatio

by beinphoni » Mon May 23, 2011 10:48 am

That is a small JavaScript bug that is not that serious. Maybe it is just a bad thing for some comment-related articles. That could affect some reputation for the articles on the websites.
beinphoni
Junior Member
 
Posts: 2
Joined: Mon May 23, 2011 10:30 am
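
A sketch of how text from a code comment can reach a generated API page as live markup, and the escaping step that prevents it. This is an added example, not part of the thread and not symfony's documentation generator. The PHP docblock, the helper name `example_js_helper` and the tiny Markdown-like renderer are constructed for illustration.

```python
import html
import re

# Constructed PHP source: a docblock whose description shows markup as an example.
# The helper name is hypothetical.
PHP_SOURCE = """<?php
/**
 * Wraps content in a script element.
 *
 * Typical output: <script>alert('Hello');</script>
 *
 * Call `example_js_helper()` from a template.
 */
function example_js_helper($content) {}
"""

def docblock_text(source):
    """Return the first /** ... */ comment with the leading ' * ' gutter removed."""
    match = re.search(r"/\*\*(.*?)\*/", source, re.S)
    if match is None:
        return ""
    lines = [re.sub(r"^\s*\* ?", "", line) for line in match.group(1).splitlines()]
    return "\n".join(lines).strip()

def render(text, escape):
    """Tiny Markdown-like renderer: blank-line paragraphs and `code` spans.

    escape=False mimics a renderer that lets inline HTML through untouched;
    escape=True encodes the comment text before any markup is generated.
    """
    paragraphs = []
    for block in re.split(r"\n\s*\n", text):
        body = html.escape(block, quote=True) if escape else block
        body = re.sub(r"`([^`]+)`", r"<code>\1</code>", body)
        paragraphs.append("<p>" + body + "</p>")
    return "\n".join(paragraphs)

ACTIVE_MARKUP = re.compile(r"<\s*(script|iframe|object|embed)\b|\son\w+\s*=", re.I)

def has_active_markup(page):
    """Build-time check: does the generated page contain executable markup?"""
    return ACTIVE_MARKUP.search(page) is not None

if __name__ == "__main__":
    comment = docblock_text(PHP_SOURCE)
    for mode in (False, True):
        page = render(comment, escape=mode)
        print("escape=%s active_markup=%s" % (mode, has_active_markup(page)))
        print(page)
```

Running `has_active_markup` over every generated page as part of the documentation build catches a comment that slips through before it is published.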