XSS execution in search popup on demo site
Arpit #1
User title: AG
Member since Mar 2017 · 3 posts
Group memberships: Members
Subject: XSS execution in search popup on demo site
http://trirand.com/blog/jqgrid/jqgrid.html -> Searching -> Show query in search

If I add the text <script>alert('XSS');</script> in the textbox and click out of the box, the script is executed.

It happens because any value typed in the textbox is directly copied to the label on top of the box.

Is there any way to encode this label and not have the script executed?
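
Added example, not part of the original post and not jqGrid's own code: the pattern the post describes (typed value copied straight into the label's markup) next to an HTML-encoded version. The function names and the rule object shape are hypothetical, and the sample rules are constructed.

```javascript
// Hypothetical helper names and rule shape; this is not jqGrid's API.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern from the post: the typed value is concatenated into markup
// that is then written into the label as HTML.
function renderQueryUnsafe(rules) {
  const parts = rules.map((r) => `${r.field} ${r.op} "${r.value}"`);
  return '<span class="query">' + parts.join(' AND ') + '</span>';
}

// Hardened: every user-controlled part is encoded before it reaches markup.
function renderQuerySafe(rules) {
  const parts = rules.map((r) =>
    `${escapeHtml(r.field)} ${escapeHtml(r.op)} &quot;${escapeHtml(r.value)}&quot;`);
  return '<span class="query">' + parts.join(' AND ') + '</span>';
}

// Constructed sample input; the second rule carries the string quoted in the post.
const sampleRules = [
  { field: 'name', op: '=', value: 'Client 1' },
  { field: 'note', op: '=', value: "<script>alert('XSS');</script>" },
];

console.log(renderQueryUnsafe(sampleRules)); // markup still contains <script>
console.log(renderQuerySafe(sampleRules));   // payload rendered as inert text
```

In a browser, assigning the string to the label's `textContent` instead of writing it as HTML avoids markup parsing altogether.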
andi (Administrator) #2
User title: splitbrain
Member since May 2006 · 3187 posts · Location: Berlin Germany
Group memberships: Administrators, Members
The page you linked is not running dokuwiki!?
Read this if you don't get any useful answers.
Arpit #3
User title: AG
Member since Mar 2017 · 3 posts
Group memberships: Members
Not sure I understood what you asked. I specified the exact setup of the grid I'm using and the scenario it's failing on.

This is what I was referring to: http://imgur.com/a/kThoQ

Please let me know if I can clarify any further.
andi (Administrator) #4
User title: splitbrain
Member since May 2006 · 3187 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Are you aware that you are posting in the support forum for a software called DokuWiki about a software called jqgrid? I think you are wrong here.
Arpit #5
User title: AG
Member since Mar 2017 · 3 posts
Group memberships: Members
Ah! Must have mixed up the links. Can you please delete this thread? Sincere apologies.
Current time: 2017-11-21, 08:56:59 (UTC +01:00)