[ https://issues.apache.org/activemq/browse/AMQ-1534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rob Davies resolved AMQ-1534.
-----------------------------
Assignee: Rob Davies
Resolution: Duplicate
duplicate of https://issues.apache.org/activemq/browse/AMQ-1013
> Unescaped text messages in message detail
> -----------------------------------------
>
> Key: AMQ-1534
> URL: https://issues.apache.org/activemq/browse/AMQ-1534
> Project: ActiveMQ
> Issue Type: Bug
> Affects Versions: 5.0.0
> Environment: Browser
> Reporter: Elliotte Rusty Harold
> Assignee: Rob Davies
> Priority: Critical
>
> The new HTTP based queue view is very useful. However it has one really
> annoying bug that cost me some hours of debugging. Send a TextMessage to the
> queue containing a typical HTML or XML document such as
> <result></result>
> Then look at that message in the web browser and look at the message detail
> to see the text of the message. The text appears to be blank, especially if
> the message only contains tags and white space as was the case for me. Even
> if it isn't completely blank, the tags will be missing.
> The problem is that the text of the message is displayed raw and added to the
> HTML. This could even be a vector for XSS attacks since no escaping is
> performed.
> Before displaying the text it should be escaped. That is, & should be
> converted to &amp; and < to &lt;. That should fix the critical problems.
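The escaping the report asks for, as an added example (not ActiveMQ's code; the class and method names are hypothetical and the sample bodies are constructed). The message body is escaped before it is placed into the detail page's HTML, so `<result></result>` is shown as text instead of being parsed as markup:

```java
public final class MessageDetailEscaping {

    // Escape text for use in HTML element content or a quoted attribute value.
    static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical stand-in for the view fragment that shows a TextMessage body.
    static String renderDetail(String body, boolean escape) {
        return "<pre>" + (escape ? escapeHtml(body) : body) + "</pre>";
    }

    public static void main(String[] args) {
        // Constructed sample bodies: the report's document, text that already
        // contains an entity, and markup a browser would otherwise interpret.
        String[] bodies = {
            "<result></result>",
            "a &lt; b",
            "<script>alert(1)</script>",
        };
        for (String body : bodies) {
            String safe = renderDetail(body, true);
            // After escaping, the only tags left are the wrapper's own.
            String inner = safe.substring("<pre>".length(), safe.length() - "</pre>".length());
            if (inner.indexOf('<') >= 0 || inner.indexOf('>') >= 0) {
                throw new IllegalStateException("unescaped markup in: " + safe);
            }
            System.out.println("raw:     " + renderDetail(body, false));
            System.out.println("escaped: " + safe);
        }
    }
}
```

The second sample shows why `&` has to be escaped as well: a body containing the literal text `&lt;` becomes `&amp;lt;` in the page and is displayed exactly as it was sent.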