continuum-issues mailing list archives

From "Brent N Atkinson (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CONTINUUM-2763) Build result page does not escape commit messages for HTML
Date Sun, 03 May 2015 13:48:05 GMT

     [ https://issues.apache.org/jira/browse/CONTINUUM-2763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brent N Atkinson updated CONTINUUM-2763:
----------------------------------------
    Attachment: CONTINUUM-2763.png

Attached a screenshot demonstrating an example from continuum-ci.a.o

> Build result page does not escape commit messages for HTML
> ----------------------------------------------------------
>
>                 Key: CONTINUUM-2763
>                 URL: https://issues.apache.org/jira/browse/CONTINUUM-2763
>             Project: Continuum
>          Issue Type: Bug
>    Affects Versions: 1.4.2
>            Reporter: Brent N Atkinson
>             Fix For: 1.5.0
>
>         Attachments: CONTINUUM-2763.png
>
>
> This was discovered when encountering CONTINUUM-2762 on continuum-ci.a.o. One of the
> commit messages contained an HTML input tag, which was apparent when visiting the page since
> focus was forced to it. Messages should be escaped for safe display to a web browser to prevent
> this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
