Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/04/12 08:07:10 UTC
[GitHub] [dolphinscheduler] kindragos opened a new issue, #9453: [Bug] [UI] Storage XSS
kindragos opened a new issue, #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453
### Search before asking
- [X] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar issues.
### What happened
Create a project, type "<img src=x onerror=alert('ye!')>" in the project description, and then confirm. Then, in the item list, when the cursor passes through the item description, a window will pop up.
### What you expected to happen
Will cause storage XSS.
### How to reproduce
do WHAT HAPPENED
### Anything else
_No response_
### Version
1.3.9
### Are you willing to submit PR?
- [ ] Yes I am willing to submit a PR!
### Code of Conduct
- [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
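Added example, not part of the original thread and not DolphinScheduler code: the stored-description behaviour reported above, shown as a tooltip builder that concatenates stored text into markup next to one that HTML-encodes it on output. The function names, the record layout and the `tooltip` class are assumptions made for illustration.

```javascript
// Constructed sample of stored project records. The second description is the
// string quoted in the report; the first is ordinary text containing "&".
const storedProjects = [
  { name: "etl-nightly", description: "Loads sales data & builds reports" },
  { name: "demo", description: "<img src=x onerror=alert('ye!')>" },
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (hypothetical): the stored description becomes markup, so
// the browser parses it as an element when the tooltip is shown.
function renderTooltipUnsafe(project) {
  return `<div class="tooltip">${project.description}</div>`;
}

// Hardened form: every stored field is encoded at output time. In a live DOM,
// assigning to textContent instead of innerHTML gives the same result.
function renderTooltipSafe(project) {
  const name = escapeHtml(project.name);
  const description = escapeHtml(project.description);
  return `<div class="tooltip" title="${name}">${description}</div>`;
}

// Regression check: list opening tags in the rendered markup other than the
// wrapper the template itself emits. Any hit means stored data became markup.
function unexpectedTags(markup, allowed = ["div"]) {
  const tags = [...markup.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9-]*)/g)];
  return tags.map((m) => m[1].toLowerCase()).filter((t) => !allowed.includes(t));
}

for (const project of storedProjects) {
  console.log(project.name,
    "unsafe:", unexpectedTags(renderTooltipUnsafe(project)),
    "safe:", unexpectedTags(renderTooltipSafe(project)));
}
```

Running the same check over every view that displays a stored field (list rows, tooltips, detail pages) catches a render path that was missed when the others were fixed.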
[GitHub] [dolphinscheduler] caishunfeng closed issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
caishunfeng closed issue #9453: [Bug] [UI] Storage XSS
URL: https://github.com/apache/dolphinscheduler/issues/9453
[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097471873
> Company security scan
Hi @kindragos, can you check this issue on the latest 2.0.5 version?
[GitHub] [dolphinscheduler] kindragos commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
kindragos commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097587218
> > Company security scan
>
> Hi @kindragos, can you check this issue on the latest 2.0.5 version?
Your idea is right. I don't have 2.0.5 in my hand. I asked others to help measure it. There was no pop-up window.
[GitHub] [dolphinscheduler] github-actions[bot] commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096317087
Thank you for your feedback. We have received your issue; please wait patiently for a reply.
* In order for us to understand your request as soon as possible, please provide detailed information, version or pictures.
* If you haven't received a reply for a long time, you can [join our slack](https://join.slack.com/t/asf-dolphinscheduler/shared_invite/zt-omtdhuio-_JISsxYhiVsltmC5h38yfw) and send your question to channel `#troubleshooting`
[GitHub] [dolphinscheduler] kindragos commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
kindragos commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096761143
> > type "<img src=x onerror=alert('ye!')>" in the project description
>
> Why would you do that?
Company security scan
[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097712203
> Your idea is right. I don't have 2.0.5 in my hand. I asked others to help measure it. There was no pop-up window.
OK, thanks for your feedback. Version 2.0.x is recommended with many improvements.
I will close this issue.
[GitHub] [dolphinscheduler] kindragos commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
kindragos commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096323635
![123](https://user-images.githubusercontent.com/31087454/162913166-4f041984-b5af-4e0f-bd70-4afdb439b170.png)
[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096579908
> type "<img src=x onerror=alert('ye!')>" in the project description
Why would you do that?
[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS
Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097472009
PTAL @songjianet