unescaped HTML in SCM Changes summary
-------------------------------------
Key: CONTINUUM-1983
URL: http://jira.codehaus.org/browse/CONTINUUM-1983
Project: Continuum
Issue Type: Bug
Components: Web - UI
Affects Versions: 1.1
Environment: Linux
Reporter: Reimer Prochnow
Priority: Minor
If you write HTML in scm commit comments, this HTML is shown in the SCM changes
summary section on the build result page.
It should be escaped for security issues.
The page involved is:
continuum-webapp\src\main\webapp\WEB-INF\jsp\buildresult.jsp, Line 61
<ec:column property="comment" title="buildResult.changes.comment" />
But the columns are rendered by extremecomponents taglib.
This should be able to escape HTML by configuration; unfortunately I do not
find any documentation on this taglib.