Posted to issues@continuum.apache.org by "Brent N Atkinson (JIRA)" <ji...@apache.org> on 2015/05/04 14:53:06 UTC

[jira] [Closed] (CONTINUUM-2763) Build result page does not escape commit messages for HTML

     [ https://issues.apache.org/jira/browse/CONTINUUM-2763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brent N Atkinson closed CONTINUUM-2763.
---------------------------------------
    Resolution: Fixed

Fixed in r1677593

> Build result page does not escape commit messages for HTML
> ----------------------------------------------------------
>
>                 Key: CONTINUUM-2763
>                 URL: https://issues.apache.org/jira/browse/CONTINUUM-2763
>             Project: Continuum
>          Issue Type: Bug
>    Affects Versions: 1.4.2
>            Reporter: Brent N Atkinson
>             Fix For: 1.5.0
>
>         Attachments: CONTINUUM-2763.png
>
>
> This was discovered when encountering CONTINUUM-2762 on continuum-ci.a.o. One of the commit messages contained an HTML input tag, which was apparent when visiting the page since focus was forced to it. Messages should be escaped for safe display to a web browser to prevent this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)