Failure to Sanitize Invalid Characters in Identifiers in Web Pages
Weakness ID: 86 (Weakness Variant) | Status: Draft
Description Summary
The software does not strip out invalid characters in the middle of tag names, URI schemes, and other identifiers, which are still rendered by some web browsers that ignore the characters. Some commonly used characters include null, CRLF, and other non-standard whitespace.
Reference | Description |
---|---|
CVE-2004-0595 | XSS filter doesn't filter null characters before looking for dangerous tags, which are ignored by web browsers. Multiple Interpretation Error (MIE) and validate-before-cleanse. |
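
The validate-before-cleanse pattern named in the description and in the CVE-2004-0595 row, as an added example that is not part of the CWE entry: a blocklist filter that inspects the raw input, beside one that removes ignorable characters before it validates. The function names, the blocked-identifier lists and the exact set of ignorable characters are assumptions made for the illustration.

```python
import re

# Assumed set of characters a lenient browser may skip inside an identifier:
# NUL and the other C0 controls (CR, LF and tab included) plus DEL.
IGNORABLE = re.compile(r"[\x00-\x1f\x7f]")

# Illustrative blocklists only. CWE-184 (Incomplete Blacklist) is a peer of
# this weakness; an allow-list of permitted tags and schemes is more robust.
BLOCKED_TAG = re.compile(r"<\s*/?\s*(script|iframe|object|embed)\b", re.I)
BLOCKED_SCHEME = re.compile(r"^\s*(javascript|vbscript|data)\s*:", re.I)


def canonicalize(value: str) -> str:
    """Cleanse step: drop the characters the renderer may ignore, so the
    filter judges the same identifier the browser will end up seeing."""
    return IGNORABLE.sub("", value)


def naive_tag_ok(markup: str) -> bool:
    """Validate-before-cleanse: the blocklist runs on the raw input."""
    return BLOCKED_TAG.search(markup) is None


def strict_tag_ok(markup: str) -> bool:
    """Cleanse-then-validate: the blocklist runs on the canonical form."""
    return BLOCKED_TAG.search(canonicalize(markup)) is None


def naive_scheme_ok(url: str) -> bool:
    return BLOCKED_SCHEME.match(url) is None


def strict_scheme_ok(url: str) -> bool:
    return BLOCKED_SCHEME.match(canonicalize(url)) is None


# Constructed sample inputs (not taken from any real incident).
SAMPLES = ["<b>hello</b>", "<scr\x00ipt>x</scr\x00ipt>"]
URLS = ["https://example.com/", "java\r\nscript:void(0)"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "naive:", naive_tag_ok(s), "strict:", strict_tag_ok(s))
    for u in URLS:
        print(repr(u), "naive:", naive_scheme_ok(u), "strict:", strict_scheme_ok(u))
```

The canonical form is used here only to reach a verdict; a filter that accepts the input should emit the same bytes it validated, or reject input containing these characters outright.
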
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | Weakness Base | 436 | Interpretation Conflict | Research Concepts 1000 |
PeerOf | Weakness Base | 184 | Incomplete Blacklist | Research Concepts 1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | | | Invalid Characters in Identifiers |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
| PLOVER | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | Changes |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Name, Relationships, Other Notes, Taxonomy Mappings |
2009-10-29 | CWE Content Team | MITRE | Internal | updated Description, Other Notes |
Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-09-09 | Invalid Characters in Identifiers |