Unsafe i18n calls

2013-01-02T02:49:57
ID ATLASSIAN:CONF-27641
Type atlassian
Reporter kburnett
Modified 2017-02-17T05:46:58

Description

The following i18n calls are passed unsafe variables. This means that while a vulnerability is not currently present in the English version, it is possible that vulnerabilities could exist in translations produced by well-meaning parties.

Additionally, seemingly safe changes to these i18n keys could introduce vulnerabilities which would not be picked up again by our scanner.

Unsafe i18n calls: confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm {code} $action.getText("title.remove.comment", [$action.getPage().getTitle()]) {code}

confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm: {code} $i18n.getText("move.page.dialog.location.description", [$page.title]) {code}

{code} $i18n.getText('tip.edit.movepage.search', [$page.title]) {code}

These variables are currently unused in the English translations, so could be removed. Alternatively, they could be escaped by replacing the lines with the following (respectively):

confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm {code} $action.getText("title.remove.comment", ["$action.getPage().getTitle()"]) {code}

confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm: {code} $i18n.getText("move.page.dialog.location.description", ["$page.title"]) {code}

{code} $i18n.getText('tip.edit.movepage.search', ["$page.title"]) {code}