Apache Allura™

Forge software for hosting software projects

Brought to you by: alexluberg, brondsem, ccruz, deshani, and 11 others

#1221 Fix injection problem when using

Milestone: v1.0.0

Status: closed

Owner: Rick Copeland

Labels: sf-2 (994)

Component: General

Reviewer: nobody

Updated: 2015-08-20

Created: 2010-12-07

Creator: Rick Copeland

Private: No

Currently we get a very strange error when editing tickets with double quotes in their summary (see this ticket for example)

Discussion

Rick Copeland - 2010-12-07

summary: Fix injection problem when using "double quotes" in ticket summary --> Fix injection problem when using "double quotes><script>alert('hi')</script>" in ticket summary

summary: Fix injection problem when using "double quotes><script>alert('hi')</script>" in ticket summary --> Fix injection problem when using "><script>alert('hi')</script>double quotes" in ticket summary
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Rick Copeland - 2010-12-07

So it doesn't look like this is a JS injection issue, but rather a problem that we're not properly escaping quote when creating the <input> field.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Rick Copeland - 2010-12-09

summary: Fix injection problem when using "><script>alert('hi')</script>double quotes" in ticket summary --> Fix injection problem when using

status: open --> code-review

assigned_to: Rick Copéland

custom_field__size: --> 1
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Rick Copeland - 2010-12-09

status: code-review --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.