continuum-issues mailing list archives

From "Reimer Prochnow (JIRA)" <>
Subject [jira] Created: (CONTINUUM-1983) unescaped HTML in SCM Changes summary
Date Wed, 19 Nov 2008 09:05:41 GMT
unescaped HTML in SCM Changes summary

                 Key: CONTINUUM-1983
             Project: Continuum
          Issue Type: Bug
          Components: Web - UI
    Affects Versions: 1.1
         Environment: Linux
            Reporter: Reimer Prochnow
            Priority: Minor

If you write HTML in SCM commit comments, this HTML is shown in the SCM changes summary section
on the build result page.
It should be escaped for security issues.

The page involved is:
continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61

<ec:column property="comment" title="buildResult.changes.comment" />

But the columns are rendered by extremecomponents taglib.
This should be able to escape HTML by configuration; unfortunately, I do not find any documentation
on this taglib.
