You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@continuum.apache.org by "Wendy Smoak (JIRA)" <ji...@codehaus.org> on 2009/09/16 23:50:57 UTC

[jira] Updated: (CONTINUUM-1983) unescaped HTML in SCM Changes summary

     [ http://jira.codehaus.org/browse/CONTINUUM-1983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wendy Smoak updated CONTINUUM-1983:
-----------------------------------

    Affects Version/s: 1.3.3
        Fix Version/s: Reviewed

> unescaped HTML in SCM Changes summary
> -------------------------------------
>
>                 Key: CONTINUUM-1983
>                 URL: http://jira.codehaus.org/browse/CONTINUUM-1983
>             Project: Continuum
>          Issue Type: Bug
>          Components: Web - UI
>    Affects Versions: 1.1, 1.3.3
>         Environment: Linux
>            Reporter: Reimer Prochnow
>            Priority: Minor
>             Fix For: Reviewed
>
>
> If you write HTML in scm commit comments, this HTML is shown in the SCM changes summary section on the build result page.
> It should be escaped for security issues.
> The page involved is:
> continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61
> <ec:column property="comment" title="buildResult.changes.comment" />
> But the columns are rendered by extremecomponents taglib.
> This should be able to escape HTML by configuration, unfortunately i do not find any documentation on this taglib

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira