[ https://issues.apache.org/jira/browse/CONTINUUM-2763?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brent N Atkinson updated CONTINUUM-2763:
----------------------------------------
Attachment: CONTINUUM-2763.png
Attached a screenshot demonstrating an example from continuum-ci.a.o.
> Build result page does not escape commit messages for HTML
> ----------------------------------------------------------
>
> Key: CONTINUUM-2763
> URL: https://issues.apache.org/jira/browse/CONTINUUM-2763
> Project: Continuum
> Issue Type: Bug
> Affects Versions: 1.4.2
> Reporter: Brent N Atkinson
> Fix For: 1.5.0
>
> Attachments: CONTINUUM-2763.png
>
>
> This was discovered when encountering CONTINUUM-2762 on continuum-ci.a.o. One
> of the commit messages contained an HTML input tag, which was apparent when
> visiting the page since focus was forced to it. Messages should be escaped
> for safe display to a web browser to prevent this.