Burp Suite User Forum


Reference for issue details

Luc | Last updated: Mar 26, 2019 04:08PM UTC

The issue details, specifically IScanIssue.getIssueDetail(), allow "[a] limited set of HTML tags": <br> is interpreted as newline and <table>s are formatted correctly. But there is no CSS, <font color=green> does not work, <hr> does not work, <table border=1> does not show a border, etc. I have not been able to find any documentation on this. Is there documentation somewhere on which elements are allowed to be used? I'm also interested as to why the subset of allowed HTML is so small, when my extension can already do rm -rf / or format c: if it wants to, but that's a secondary question.

Burp User | Last updated: Mar 26, 2019 04:10PM UTC

I modified the subject and added some text to my message after getting to the pre_create page where some search results are shown, but it seems this was not taken up by the website. I added the following and then used the bottom submit button:

PS. When submitting this post, I got to the pre_create page where some search results are shown. Scrolling down, the body of the message is appended to the Subject, and the Topic pull-down menu is reset to a different one. It seems something is buggy when echoing the form data back to the user.

PortSwigger Agent | Last updated: Mar 26, 2019 04:11PM UTC

I don't think this is documented, but the allowed tags are: b, strong, i, p, br, a, ul, ol, li, table, tr, td, h4, wbr, pre, code, div.

The restriction was originally because issues were rendered using a very limited Java HTML widget. We're likely to leave the restriction in place though. By the way, extensions that do rm -rf will not be allowed in the BApp Store!

The support center is provided by a third party and occasionally slightly buggy. We're going to be moving this in house in future.
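Added example, not part of the thread and not PortSwigger code: a small filter an extension author could run over the string returned from IScanIssue.getIssueDetail(), keeping only the tags listed in the reply above and escaping the text in between. The names `filter_issue_detail`, `esc` and `IssueDetailFilter`, and the attribute handling (all attributes dropped except an http(s) `href` on `a`), are assumptions of this example, not documented Burp behaviour.

```python
try:
    from html.parser import HTMLParser   # Python 3
except ImportError:
    from HTMLParser import HTMLParser    # Python 2.7, e.g. Jython
# Tag list exactly as given in the PortSwigger reply above.
ALLOWED = frozenset("b strong i p br a ul ol li table tr td h4 wbr pre code div".split())
VOID = frozenset(["br", "wbr"])          # no closing tag is emitted for these

def esc(text):
    """Escape a value (e.g. response data) so it is shown as text, not markup."""
    return (text.replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace('"', "&quot;"))

class IssueDetailFilter(HTMLParser):
    def __init__(self):
        HTMLParser.__init__(self)
        self.convert_charrefs = False    # keep entities as written (Python 3)
        self.out, self.dropped = [], set()

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.add(tag)        # tag removed, its text content kept
            return
        href = ""
        if tag == "a":                   # assumption: keep href only, http(s) URLs only
            for name, value in attrs:
                if name == "href" and (value or "").lower().startswith(("http://", "https://")):
                    href = ' href="%s"' % esc(value)
        self.out.append("<%s%s>" % (tag, href))

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(esc(data))

    def handle_entityref(self, name):
        self.out.append("&%s;" % name)

    def handle_charref(self, name):
        self.out.append("&#%s;" % name)

def filter_issue_detail(html):
    """Return (filtered_html, sorted list of tag names that were dropped)."""
    f = IssueDetailFilter()
    f.feed(html)
    f.close()
    return "".join(f.out), sorted(f.dropped)
```

Values copied from a scanned response should go through `esc()` before being placed into the detail string, so they are displayed as text rather than parsed as markup.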

Burp User | Last updated: Mar 27, 2019 01:50PM UTC

Thanks for the lightning fast response, Paul! Much appreciated.
