Project

General

Profile

Actions

Defect #33846

closed

Inline issue auto complete doesn't sanitize HTML tags

Added by Fernando Hartmann over 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:

Description

If referring a issue that have a HTML tag in subject, the tag is rendered as an object in the auto complete tip.

To reproduce
  1. Create one issue with a subject like Test <select> tag
  2. Start a new issue, go to description field and type issue number created above
Result
  • We should display something like Feature #xxxx Test <select> tag
  • We display a select object rendered in the tip, like image bellow

This can be dangerous,as some one can inject HTML


Files

tip.png (6.45 KB) tip.png Fernando Hartmann, 2020-08-12 19:26
sanitize_html.patch (868 Bytes) sanitize_html.patch Marius BĂLTEANU, 2020-10-05 22:51
autocomplete-by-title.png (56.7 KB) autocomplete-by-title.png Go MAEDA, 2020-10-15 14:01
sanitize_html_v2.patch (1.01 KB) sanitize_html_v2.patch Marius BĂLTEANU, 2020-10-16 07:47
tribute.png (132 KB) tribute.png Marius BĂLTEANU, 2020-10-16 07:49
sanitize_html_v3.patch (878 Bytes) sanitize_html_v3.patch Marius BĂLTEANU, 2020-10-16 08:01
test_for_33846.patch (809 Bytes) test_for_33846.patch Marius BĂLTEANU, 2020-12-05 18:10
sanitize_html_v4.patch (2.18 KB) sanitize_html_v4.patch Go MAEDA, 2021-03-15 16:52

Related issues

Related to Redmine - Feature #31989: Inline issue auto complete (#) in fields with text-formatting enabledClosedGo MAEDA

Actions
Actions

Also available in: Atom PDF