Red Hat Bugzilla – Bug 1016514
Nitrate is vulnerable to XSS when w3m is not installed
Last modified: 2016-05-26 09:12:54 EDT
Input from fields with the TinyMCE widget (TestPlan: Summary, TestCase: Breakdown, Setup, Action, Expected Results) is not sanitized and is rendered as-is to the clients.
The offending function is:
    """
    Pipes given HTML string into the text browser W3M, which renders it.
    Rendered text is grabbed from STDOUT and returned.
    """
    cmd = "w3m -dump -T text/html -O ascii"
    proc = Popen(cmd, shell = True, stdin = PIPE, stdout = PIPE)
    # something bad happened, so just return the input
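The fallback described in this report, next to a converter that fails closed, as an added example that is not Nitrate's code or its eventual fix. All function names, the sample payload and the missing-binary path are constructed for illustration; only the w3m flags come from the report.

```python
import html
import shutil
import subprocess
from html.parser import HTMLParser

W3M_ARGS = ["-dump", "-T", "text/html", "-O", "ascii"]  # flags quoted in the report
MISSING = "/nonexistent/w3m"  # constructed path, simulates a host without w3m
PAYLOAD = '<p>Step 1</p><script>alert(1)</script><img src=x onerror=alert(2)>'  # constructed

def run_w3m(markup, w3m):
    """Return w3m's rendering, or None if it is missing, fails or hangs."""
    if not w3m:
        return None
    try:
        # Argument list instead of shell=True, so a missing binary raises OSError.
        proc = subprocess.run([w3m, *W3M_ARGS], input=markup.encode(),
                              stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                              timeout=10, check=True)
    except (OSError, subprocess.SubprocessError):
        return None
    return proc.stdout.decode("ascii", "replace")

class TextOnly(HTMLParser):
    """Keeps character data; drops tags, attributes and script/style bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)

def strip_tags(markup):
    parser = TextOnly()
    parser.feed(markup)
    parser.close()
    return "".join(parser.parts)

def to_text_raw_fallback(markup, w3m=MISSING):
    """Failure mode from the report: conversion fails, input comes back as is."""
    text = run_w3m(markup, w3m)
    return markup if text is None else text

def to_text_fail_closed(markup, w3m=None):
    """Fallback strips tags in-process; the result is escaped for HTML output."""
    text = run_w3m(markup, w3m or shutil.which("w3m"))
    if text is None:
        text = strip_tags(markup)
    return html.escape(text)  # skip if the template layer already autoescapes
```

The final escape matters even when w3m is present: a text dump decodes entities such as `&lt;script&gt;` back into literal angle brackets, so the converter's output is still untrusted when placed into a page.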