Element HTML content can be incorrectly returned without escaping, bypassing some HTML sanitizers – Opera Security Advisories

Severity

High

Description

When sites accept HTML from untrusted users and use that HTML as page content, they typically sanitize it to ensure that it does not contain any harmful content, such as malicious scripts. In some cases, this sanitization is performed by writing and reading the contents of DOM elements. In certain situations, Opera may return the HTML contents of an element without correctly escaping all of the characters that denote HTML markup. Those characters fool the sanitizer and are subsequently interpreted as markup after being inserted into the page. This can then be used to facilitate cross-site scripting (XSS) attacks against Opera, without being detected by a sanitizer.
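The write-and-read round trip described above can be checked defensively before the serialized string is reused. This is an added example, not part of the advisory and not Opera's code: a constructed node tree stands in for the DOM, and the non-escaping serializer only models this class of fault in general, not the specific Opera behaviour. The names `serialize`, `countElements`, `countStartTags` and `roundTripSafe` and the sample tree are assumptions.

```javascript
// Added example: a constructed node tree stands in for the DOM.
// Node shapes: { text } or { tag, attrs, children }. All names are illustrative.

// Escape the characters that denote markup in text and in attribute values.
const escText = s => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
const escAttr = s => escText(s).replace(/"/g, "&quot;");

// Serialize a tree; the escapers are parameters so a faulty one can be modeled.
function serialize(node, escT = escText, escA = escAttr) {
  if (node.text !== undefined) return escT(node.text);
  const attrs = Object.entries(node.attrs || {})
    .map(([name, value]) => ` ${name}="${escA(value)}"`).join("");
  const inner = (node.children || []).map(c => serialize(c, escT, escA)).join("");
  return `<${node.tag}${attrs}>${inner}</${node.tag}>`;
}

// Number of element nodes the sanitizer actually approved.
function countElements(node) {
  if (node.text !== undefined) return 0;
  return 1 + (node.children || []).reduce((n, c) => n + countElements(c), 0);
}

// Count start tags in a string, skipping over double-quoted attribute values
// (the only quoting style serialize() emits).
function countStartTags(html) {
  let n = 0;
  for (let i = 0; i < html.length; i++) {
    if (html[i] !== "<" || !/[a-zA-Z]/.test(html[i + 1] || "")) continue;
    n++;
    let quoted = false;
    for (i++; i < html.length && (quoted || html[i] !== ">"); i++)
      if (html[i] === '"') quoted = !quoted;
  }
  return n;
}

// The string is only safe to reinsert if it describes the same number of
// elements as the tree it was serialized from.
const roundTripSafe = (node, html) => countStartTags(html) === countElements(node);

// Constructed input: the user typed markup characters as literal text.
const tree = { tag: "div", attrs: { title: 'say "hi"' },
               children: [{ text: "1 < 2 & <b>text</b>" }] };
const good = serialize(tree);
const bad = serialize(tree, s => s, s => s); // models a serializer that skips escaping
console.log(good, roundTripSafe(tree, good));
console.log(bad, roundTripSafe(tree, bad));
```

Matching element counts are a minimal signal rather than proof of equivalence; a sanitizer that depends on serialization can go further and compare the re-parsed structure node by node.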

Opera’s Response

Opera Software has released Opera 12.01 and Opera 11.66, where this issue has been fixed.