You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@netbeans.apache.org by "dennis lucero (JIRA)" <ji...@apache.org> on 2018/04/23 14:15:00 UTC

[jira] [Updated] (NETBEANS-720) HTML injection in search result tab titles and MRU dropdown list

     [ https://issues.apache.org/jira/browse/NETBEANS-720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

dennis lucero updated NETBEANS-720:
-----------------------------------
    Description: 
When searching for something like

{{<html><b>HTML</b> <i>injection</i>}}

search tab titles and the MRU dropdown list in the search dialog show the HTML formatted text, not the raw input. This also means searching for

{{<html>}}

produces a tab with an empty title.

Found in NetBeans 8.2, reproduced with the latest build incubator-netbeans-release-272-on-20180418.

(I’d attach a screenshot but JIRA complains about a missing token.)

HTML can be disabled with something like

{{public static void disableHtml(final JComponent component) {
    component.putClientProperty("html.disable", Boolean.TRUE);
}}}

  was:
When searching for something like

{{<html><b>HTML</b> <i>injection</i>}}

search tab titles and the MRU dropdown list in the search dialog show the HTML formatted text, not the raw input. This also means searching for

{{<html>}}

produces a tab with an empty title.

Found in NetBeans 8.2, reproduced with the latest build incubator-netbeans-release-272-on-20180418.

(I’d attach a screenshot but JIRA complains about a missing token.)


> HTML injection in search result tab titles and MRU dropdown list
> ----------------------------------------------------------------
>
>                 Key: NETBEANS-720
>                 URL: https://issues.apache.org/jira/browse/NETBEANS-720
>             Project: NetBeans
>          Issue Type: Bug
>          Components: utilities - Search
>    Affects Versions: 8.2, 9.0, Next
>            Reporter: dennis lucero
>            Priority: Minor
>
> When searching for something like
> {{<html><b>HTML</b> <i>injection</i>}}
> search tab titles and the MRU dropdown list in the search dialog show the HTML formatted text, not the raw input. This also means searching for
> {{<html>}}
> produces a tab with an empty title.
> Found in NetBeans 8.2, reproduced with the latest build incubator-netbeans-release-272-on-20180418.
> (I’d attach a screenshot but JIRA complains about a missing token.)
> HTML can be disabled with something like
> {{public static void disableHtml(final JComponent component) {
>     component.putClientProperty("html.disable", Boolean.TRUE);
> }}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@netbeans.apache.org
For additional commands, e-mail: commits-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists