Opera
Search the knowledge base
Advisory: Representation of DOM attribute values could allow cross-site scripting
Severity
Moderately Severe
Problem Description
When XML is imported into a document, its attribute values are not correctly presented to the DOM. This can allow their values to bypass sanitization filters. If these values are used as document content, they may in some cases allow scripts to be inserted.
Opera's Response
Opera Software has released Opera 9.26, where this issue has been fixed.
Credits
Thanks to Arnaud Le Blanc for reporting this issue to Opera Software.
Browse through articles in the same categories:
advisory
Support
- Overview
- Get started
- Register Opera Mobile
- Knowledge base
- Online communities
- Reporting bugs
- Opera Web Mail
- Access Opera
- Premium support
- Contact support
- Documentation
Opera Help
Need help? Hit F1 anytime while using Opera to access our online help files, or go here.
View mobile site
Copyright © 2009 Opera Software ASA. All rights reserved.