[jira] Updated: (MRM-1173) Cannot delete patterns with single and double quotes.

Brett Porter (JIRA) Mon, 12 Sep 2011 07:31:55 -0700

     [ 
https://jira.codehaus.org/browse/MRM-1173?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brett Porter updated MRM-1173:
------------------------------

    Fix Version/s:     (was: Backlog)
                   1.4-M1

This is a (very obscure) way to inject some code, for example: {{1', ''); 
alert('XSS'); setAndSubmit('pattern', '1}}



> Cannot delete patterns with single and double quotes.
> -----------------------------------------------------
>
>                 Key: MRM-1173
>                 URL: https://jira.codehaus.org/browse/MRM-1173
>             Project: Archiva
>          Issue Type: Bug
>          Components: remote proxy, repository scanning
>    Affects Versions: 1.2
>            Reporter: Jevica Arianne B. Zurbano
>             Fix For: 1.4-M1
>
>
> Add/edit Proxy Connector:
> - Blacklist: cannot delete patterns with ' and "
> - whitelist: cannot delete patterns with '
> Repository Scanning:
> - cannot delete patterns with ' and "

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Updated: (MRM-1173) Cannot delete patterns with single and double quotes.

Reply via email to