Posted to commits@dolphinscheduler.apache.org by GitBox <gi...@apache.org> on 2022/04/12 08:07:10 UTC

[GitHub] [dolphinscheduler] kindragos opened a new issue, #9453: [Bug] [UI] Storage XSS

kindragos opened a new issue, #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453

   ### Search before asking
   
   - [X] I had searched in the [issues](https://github.com/apache/dolphinscheduler/issues?q=is%3Aissue) and found no similar issues.
   
   
   ### What happened
   
   Create a project, type "<img src=x onerror=alert('ye!')>" in the project description, and then confirm. Then, in the item list, when the cursor passes through the item description, a window will pop up.
   
   ### What you expected to happen
   
   Will cause storage XSS.
   
   ### How to reproduce
   
   do WHAT HAPPENED
   
   ### Anything else
   
   _No response_
   
   ### Version
   
   1.3.9
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
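
The behaviour reported above, as an added example that is not part of the original thread and is not DolphinScheduler code: a stored description is shown unsafely and then with output encoding, with a check usable as a regression test. The thread does not show how the UI builds the tooltip, so the function names and the string-concatenation pattern are assumptions.

```javascript
// Added example: hypothetical rendering helpers, not the project's code.
// The stored value is the description string quoted in the issue report.
const storedDescription = "<img src=x onerror=alert('ye!')>";

// Markup the (assumed) UI code emits itself around the description.
const OPEN = '<div class="tooltip">';
const CLOSE = "</div>";

// Encode the five characters that can change the HTML parsing context.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: stored text is concatenated into markup. Assigned to innerHTML,
// the browser parses it as an element and fires its onerror handler.
function renderTooltipUnsafe(description) {
  return OPEN + description + CLOSE;
}

// After: stored text is encoded at output time, so it is displayed as
// literal text. In DOM code, setting textContent has the same effect.
function renderTooltipSafe(description) {
  return OPEN + escapeHtml(description) + CLOSE;
}

// Regression check: once the wrapper we emit ourselves is removed, the
// user-controlled part must not contain a raw "<" or ">".
function rendersAsText(render, description) {
  const html = render(description);
  const body = html.slice(OPEN.length, html.length - CLOSE.length);
  return !/[<>]/.test(body);
}

// Constructed sample inputs: the reported string plus two benign ones.
const samples = [storedDescription, "nightly ETL", "a < b & c"];
for (const s of samples) {
  console.log(JSON.stringify(s),
    "unsafe renders as text:", rendersAsText(renderTooltipUnsafe, s),
    "| safe renders as text:", rendersAsText(renderTooltipSafe, s));
}
```

Encoding happens when the value is written into the page, not when it is saved, so a description such as "a < b & c" is stored unchanged and still displays correctly.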


[GitHub] [dolphinscheduler] caishunfeng closed issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
caishunfeng closed issue #9453: [Bug] [UI] Storage XSS 
URL: https://github.com/apache/dolphinscheduler/issues/9453




[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097471873

   > Company security scan
   
   Hi @kindragos , can you check this issue of latest 2.0.5 version?




[GitHub] [dolphinscheduler] kindragos commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
kindragos commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097587218

   
   > > Company security scan
   > 
   > Hi @kindragos , can you check this issue of latest 2.0.5 version?
   
   Your idea is right. I don't have 2.0.5 in my hand. I asked others to help measure it. There was no pop-up window.




[GitHub] [dolphinscheduler] github-actions[bot] commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096317087

   Thank you for your feedback, we have received your issue. Please wait patiently for a reply.
   * In order for us to understand your request as soon as possible, please provide detailed information, version or pictures.
   * If you haven't received a reply for a long time, you can [join our slack](https://join.slack.com/t/asf-dolphinscheduler/shared_invite/zt-omtdhuio-_JISsxYhiVsltmC5h38yfw) and send your question to channel `#troubleshooting`




[GitHub] [dolphinscheduler] kindragos commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
kindragos commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096761143

   > > type "<img src=x onerror=alert('ye!')>" in the project description
   > 
   > Why would you do that?
   
   Company security scan




[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097712203

   > Your idea is right. I don't have 2.0.5 in my hand. I asked others to help measure it. There was no pop-up window.
   
   OK, thanks for your feedback. Version 2.0.x is recommended with many improvements. 
   I will close this issue.




[GitHub] [dolphinscheduler] kindragos commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
kindragos commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096323635

   ![123](https://user-images.githubusercontent.com/31087454/162913166-4f041984-b5af-4e0f-bd70-4afdb439b170.png)
   




[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1096579908

   >type "<img src=x onerror=alert('ye!')>" in the project description
   
   Why would you do that?




[GitHub] [dolphinscheduler] caishunfeng commented on issue #9453: [Bug] [UI] Storage XSS

Posted by GitBox <gi...@apache.org>.
caishunfeng commented on issue #9453:
URL: https://github.com/apache/dolphinscheduler/issues/9453#issuecomment-1097472009

   PTAL @songjianet 

