Brent N Atkinson created CONTINUUM-2763:
-------------------------------------------

             Summary: Build result page does not escape commit messages for HTML
                 Key: CONTINUUM-2763
                 URL: https://issues.apache.org/jira/browse/CONTINUUM-2763
             Project: Continuum
          Issue Type: Bug
    Affects Versions: 1.4.2
            Reporter: Brent N Atkinson
             Fix For: 1.5.0


This was discovered when encountering CONTINUUM-2762 on continuum-ci.a.o. One 
of the commit messages contained an HTML input tag, which was apparent when 
visiting the page since focus was forced to it. Messages should be escaped for 
safe display to a web browser to prevent this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
