Formula and Summary fields allow injecting JavaScript that is executed in the current user's context.
Examples that can be executed on any ListGrid that allows Formula and Summary fields:
*Formula Field:
Add a new formula field with formula: isc.say('hi');
The JavaScript is evaluated for each record when the grid is shown.
*Summary Field:
In this case it is not possible to execute JavaScript directly, but it is possible, for example, to add a link that executes it when the user clicks on it.
Add a new Summary Field with summary: <a onclick="isc.say('a')">click me</a>
In our application, we allow the user to save the current grid status (including these fields) and share it with other users. In our case this is a vulnerability because a malicious user A could save these fields, which might then be executed within user B's context.
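An added example (not code from the original report and not SmartClient's own API): a minimal model of the shared-state problem described above, in plain JavaScript runnable under Node. `renderGridUnsafe` reproduces the vulnerable pattern (formula text executed as JavaScript, summary text passed through as raw HTML); `renderGridSafe` shows one hardening, evaluating formulas with a small arithmetic-only parser that never reaches `eval`/`Function`, and HTML-escaping summaries so markup in them cannot become an event handler. Because `isc.say` does not exist outside SmartClient, the constructed payload sets `globalThis.pwned` as an observable stand-in. All function names, the sample records and the saved state are assumptions made for the example.

```javascript
// Constructed sample records, standing in for the grid's data source.
const RECORDS = [
  { qty: 2, price: 10, name: "bolt" },
  { qty: 3, price: 5, name: "nut" },
];

// Constructed shared grid state, as a malicious user A might save and share it.
// The formula sets a global as a visible side effect (stand-in for isc.say('hi')).
const SHARED_STATE = {
  formulaFields: [{ name: "total", formula: "(globalThis.pwned = true, qty * price)" }],
  summaryFields: [{ name: "label", summary: '<a onclick="isc.say(\'a\')">click me</a>' }],
};

// Vulnerable pattern: the formula string becomes a function body, the summary is
// kept as raw HTML. Whoever loads this state runs user A's code in their own session.
function renderGridUnsafe(state, records) {
  return records.map((record) => {
    const row = { ...record };
    for (const f of state.formulaFields) {
      const fn = new Function(...Object.keys(record), `return (${f.formula});`);
      row[f.name] = fn(...Object.values(record));
    }
    for (const s of state.summaryFields) row[s.name] = s.summary; // would hit innerHTML
    return row;
  });
}

// Hardened formula evaluation: only numbers, field names, + - * / and parentheses.
function tokenize(src) {
  const re = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|([-+*/()]))/y;
  const tokens = [];
  let m;
  while (re.lastIndex < src.length && (m = re.exec(src))) {
    tokens.push(m[1] !== undefined ? { t: "num", v: Number(m[1]) }
      : m[2] !== undefined ? { t: "id", v: m[2] } : { t: "op", v: m[3] });
  }
  // A failed sticky match resets lastIndex to 0, so any unsupported character
  // (such as '.', '=', ',' or quotes) lands here and the formula is rejected.
  if (re.lastIndex !== src.length) throw new Error("formula rejected: unsupported syntax");
  return tokens;
}

function evalFormula(formula, record) {
  const toks = tokenize(formula.trim());
  let i = 0;
  const peek = () => toks[i];
  const next = () => toks[i++];
  function primary() {
    const tok = next();
    if (!tok) throw new Error("formula rejected: unexpected end");
    if (tok.t === "num") return tok.v;
    if (tok.t === "id") {
      // Field references resolve against the record only, never against globals.
      if (!Object.prototype.hasOwnProperty.call(record, tok.v) || typeof record[tok.v] !== "number")
        throw new Error(`formula rejected: unknown numeric field ${tok.v}`);
      return record[tok.v];
    }
    if (tok.v === "(") {
      const v = expr();
      const close = next();
      if (!close || close.v !== ")") throw new Error("formula rejected: missing )");
      return v;
    }
    if (tok.v === "-") return -primary();
    throw new Error(`formula rejected: unexpected ${tok.v}`);
  }
  function term() {
    let v = primary();
    while (peek() && (peek().v === "*" || peek().v === "/")) {
      const op = next().v;
      const r = primary();
      v = op === "*" ? v * r : v / r;
    }
    return v;
  }
  function expr() {
    let v = term();
    while (peek() && (peek().v === "+" || peek().v === "-")) {
      const op = next().v;
      const r = term();
      v = op === "+" ? v + r : v - r;
    }
    return v;
  }
  const v = expr();
  if (i !== toks.length) throw new Error("formula rejected: trailing tokens");
  return v;
}

// Summaries are treated as text: HTML metacharacters are escaped before display.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderGridSafe(state, records) {
  return records.map((record) => {
    const row = { ...record };
    for (const f of state.formulaFields) row[f.name] = evalFormula(f.formula, record);
    for (const s of state.summaryFields) row[s.name] = escapeHtml(s.summary);
    return row;
  });
}
```

With the shared state above, `renderGridUnsafe` returns the expected totals but also sets `globalThis.pwned`, which is exactly the cross-user execution the report describes; `renderGridSafe` rejects the same state at parse time and only accepts arithmetic over the record's numeric fields. In a real deployment the same validation should also run on the server when the grid state is saved, since the viewer's client cannot be trusted to apply it.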