You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "Wendy Smoak (JIRA)" <ji...@codehaus.org> on 2009/09/16 23:50:57 UTC
[jira] Updated: (CONTINUUM-1983) unescaped HTML in SCM Changes
summary
[ http://jira.codehaus.org/browse/CONTINUUM-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Wendy Smoak updated CONTINUUM-1983:
-----------------------------------
Affects Version/s: 1.3.3
Fix Version/s: Reviewed
> unescaped HTML in SCM Changes summary
> -------------------------------------
>
> Key: CONTINUUM-1983
> URL: http://jira.codehaus.org/browse/CONTINUUM-1983
> Project: Continuum
> Issue Type: Bug
> Components: Web - UI
> Affects Versions: 1.1, 1.3.3
> Environment: Linux
> Reporter: Reimer Prochnow
> Priority: Minor
> Fix For: Reviewed
>
>
> If you write HTML in scm commit comments, this HTML is shown in the SCM changes summary section on the build result page.
> It should be escaped for security issues.
> The page involved is:
> continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61
> <ec:column property="comment" title="buildResult.changes.comment" />
> But the columns are rendered by extremecomponents taglib.
> This should be able to escape HTML by configuration, unfortunately i do not find any documentation on this taglib
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira