Representation of DOM attribute values could allow cross-site scripting

2008-12-16T00:00:00
ID OPERA:880
Type opera
Reporter Opera
Modified 2008-12-16T00:00:00

Description

When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their values to bypass sanitization filters. If these values are used as document content, they may in some cases allow scripts to be inserted.