You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@netbeans.apache.org by "dennis lucero (JIRA)" <ji...@apache.org> on 2018/04/23 14:12:00 UTC

[jira] [Created] (NETBEANS-720) HTML injection in search result tab titles and MRU dropdown list

dennis lucero created NETBEANS-720:
--------------------------------------

             Summary: HTML injection in search result tab titles and MRU dropdown list
                 Key: NETBEANS-720
                 URL: https://issues.apache.org/jira/browse/NETBEANS-720
             Project: NetBeans
          Issue Type: Bug
          Components: utilities - Search
    Affects Versions: 8.2, 9.0, Next
            Reporter: dennis lucero


When searching for something like

{{<html><b>HTML</b> <i>injection</i>}}

search tab titles and the MRU dropdown list in the search dialog show the HTML formatted text, not the raw input. This also means searching for

{{<html>}}

produces a tab with an empty title.

Found in NetBeans 8.2, reproduced with the latest build incubator-netbeans-release-272-on-20180418.

(I’d attach a screenshot but JIRA complains about a missing token.)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists