Continuum / CONTINUUM-2763

Build result page does not escape commit messages for HTML


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.2
    • Fix Version/s: 1.5.0
    • Component/s: None
    • Labels: None

    Description

      This was discovered when encountering CONTINUUM-2762 on continuum-ci.a.o. One of the commit messages contained an HTML input tag, which was apparent when visiting the page since focus was forced to it. Messages should be escaped for safe display to a web browser to prevent this.

      Attachments

        1. CONTINUUM-2763.png
          65 kB
          Brent Atkinson

      People

        Assignee: Unassigned
        Reporter: Brent Atkinson (batkinson)