[ https://issues.apache.org/jira/browse/TC-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16023346#comment-16023346 ]
ASF GitHub Bot commented on TC-225:
-----------------------------------

GitHub user PeterRyder opened a pull request:

    https://github.com/apache/incubator-trafficcontrol/pull/609

    TC-225: TO Html fix

    Updated DataTables to version 1.10.15 for required method
    Added script which sets all DataTable columns to render as text

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/PeterRyder/incubator-trafficcontrol HTMLEscapeFix

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafficcontrol/pull/609.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #609

----
commit d410f7b481fec1e5c899cdf296d8105d924bd245
Author: PeterRyder <peter.w.ry...@gmail.com>
Date:   2017-05-24T16:04:04Z

    Fixes item in datatables in TO

commit eb179317e67b2c3344acf22c57c9bb84b5936caa
Author: PeterRyder <peter.w.ry...@gmail.com>
Date:   2017-05-24T17:55:56Z

    Reverted copyright header

----

> Entries in Parameters table are not HTML escaped when displayed
> ---------------------------------------------------------------
>
>                 Key: TC-225
>                 URL: https://issues.apache.org/jira/browse/TC-225
>             Project: Traffic Control
>          Issue Type: Bug
>          Components: Traffic Ops
>    Affects Versions: 1.8.0, 2.0.0, 2.1.0, 1.7.0
>            Reporter: Mike Sandman
>              Labels: security
>         Attachments: 2E61A402-40D0-4DDF-89E1-645DB433705B.tiff,
>                      7672FE8B-4C16-425D-8EDF-D64E882ED5D1.tiff
>
>
> The Parameters Table in Traffic Ops displays parameters found in the
> database. When viewing "All Profiles" these parameters are displayed as part
> of the website (i.e. in the HTML) and thus anything in angle brackets (e.g.
> <tag>) is interpreted as valid HTML.

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
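
Rendering every DataTable column as text, as the pull request above describes, comes down to output-encoding each cell value at display time. The following is an added example, not the code from PR #609: `escapeHtml`, `renderAsText`, `renderRow` and the sample rows are constructed for illustration, and only the `columnDefs` / `targets: '_all'` / `render(data, type)` shape is DataTables' own.

```javascript
// Added example (not from the Traffic Ops code base).
// Map of characters that change meaning inside HTML text or attribute values.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Encode a value for insertion into HTML. Non-strings (numbers, null)
// are returned untouched so numeric columns keep their type.
function escapeHtml(value) {
  if (typeof value !== 'string') return value;
  return value.replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Same signature as a DataTables `columns.render` callback: (data, type).
// Only the 'display' request is encoded; 'sort' and 'filter' receive the raw
// value so ordering and search still operate on what is stored.
function renderAsText(data, type) {
  return type === 'display' ? escapeHtml(data) : data;
}

// Column definition that applies the renderer to every column of a table.
// With jQuery and DataTables loaded this would be passed as
//   $(selector).DataTable({ columnDefs: textOnlyColumnDefs })
const textOnlyColumnDefs = [{ targets: '_all', render: renderAsText }];

// Constructed sample rows shaped like a parameters table: name, file, value.
const sampleRows = [
  ['location', 'dns.zone', '/etc/zones'],
  ['note', 'parent.config', '<tag>'],
  ['header', 'remap.config', 'a & "b"']
];

// Stand-in for the table's display pass, so the effect is visible without a DOM.
function renderRow(row) {
  const cells = row.map((cell) => '<td>' + renderAsText(cell, 'display') + '</td>');
  return '<tr>' + cells.join('') + '</tr>';
}

function renderTableBody(rows) {
  return rows.map(renderRow).join('\n');
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderTableBody(sampleRows));
}
```

Encoding at display time leaves the stored parameter values unchanged, so other consumers of the same data still receive the original strings.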