You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "Brett Porter (JIRA)" <ji...@codehaus.org> on 2011/09/12 16:31:07 UTC
[jira] Updated: (MRM-1173) Cannot delete patterns with single and
double quotes.
[ https://jira.codehaus.org/browse/MRM-1173?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter updated MRM-1173:
------------------------------
Fix Version/s: (was: Backlog)
1.4-M1
This is a (very obscure) way to inject some code, for example: {{1', ''); alert('XSS'); setAndSubmit('pattern', '1}}
> Cannot delete patterns with single and double quotes.
> -----------------------------------------------------
>
> Key: MRM-1173
> URL: https://jira.codehaus.org/browse/MRM-1173
> Project: Archiva
> Issue Type: Bug
> Components: remote proxy, repository scanning
> Affects Versions: 1.2
> Reporter: Jevica Arianne B. Zurbano
> Fix For: 1.4-M1
>
>
> Add/edit Proxy Connector:
> - Blacklist: cannot delete patterns with ' and "
> - whitelist: cannot delete patterns with '
> Repository Scanning:
> - cannot delete patterns with ' and "
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira