continuum-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Reimer Prochnow (JIRA)" <j...@codehaus.org>
Subject [jira] Created: (CONTINUUM-1983) unescaped HTML in SCM Changes summary
Date Wed, 19 Nov 2008 09:05:41 GMT
unescaped HTML in SCM Changes summary
-------------------------------------

                 Key: CONTINUUM-1983
                 URL: http://jira.codehaus.org/browse/CONTINUUM-1983
             Project: Continuum
          Issue Type: Bug
          Components: Web - UI
    Affects Versions: 1.1
         Environment: Linux
            Reporter: Reimer Prochnow
            Priority: Minor


If you write HTML in scm commit comments, this HTML is shown in the SCM changes summary section
on the build result page.
It should be escaped for security issues.

The page involved is:
continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61

<ec:column property="comment" title="buildResult.changes.comment" />

But the columns are rendered by extremecomponents taglib.
This should be able to escape HTML by configuration, unfortunately i do not find any documentation
on this taglib

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message