What could cause this kind security issue?
I was just going through some security blogs and I found this image of an major financial en开发者_运维百科tity and I was not sure of what could have caused this kind of error to appear on client facing page and how to fix it so that we do not have any potential security loop hole in the system ?
It looks like a badly closed workaround to use CDATA in browsers that don't support XHTML.
For example, this is fine in HTML:
<script type="text/javascript">
if (1 > 0) {
}
</script>
However, because of >
, this wouldn't work in XHTML. For this, you would have to use CDATA to escape the script itself, like this:
<script type="text/javascript">
//<![CDATA[
if (1 > 0) {
}
//]]>
</script>
Here, the CDATA is within the script, but a comment as far as the script is concerned.
Some browsers don't seem to like the CDATA in HTML, so some people use a trick to double-escape the CDATA with XML comments on top of this:
<script type="text/javascript">
<!--//--><![CDATA[//><!--
if (1 > 0) {
}
//--><!]]>
</script>
It looks like your problem comes from one of these double-escape tricks to be badly closed. (//--><!]]>
may have to be on the same line).
I'm not sure if it's a security issue as such; it would depend on what else is incorrectly displayed/transformed (this may come from a server-side XSLT or similar).
精彩评论