[ https://issues.apache.org/jira/browse/TC-225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16023346#comment-16023346 ]

ASF GitHub Bot commented on TC-225:
-----------------------------------

GitHub user PeterRyder opened a pull request:

    https://github.com/apache/incubator-trafficcontrol/pull/609

    TC-225: TO Html fix

    Updated DataTables to version 1.10.15 for required method
    
    Added script which sets all DataTable columns to render as text

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/PeterRyder/incubator-trafficcontrol HTMLEscapeFix

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafficcontrol/pull/609.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #609
    
----
commit d410f7b481fec1e5c899cdf296d8105d924bd245
Author: PeterRyder <peter.w.ry...@gmail.com>
Date:   2017-05-24T16:04:04Z

    Fixes item in datatables in TO

commit eb179317e67b2c3344acf22c57c9bb84b5936caa
Author: PeterRyder <peter.w.ry...@gmail.com>
Date:   2017-05-24T17:55:56Z

    Reverted copyright header

----


> Entries in Parameters table are not HTML escaped when displayed
> ---------------------------------------------------------------
>
>                 Key: TC-225
>                 URL: https://issues.apache.org/jira/browse/TC-225
>             Project: Traffic Control
>          Issue Type: Bug
>          Components: Traffic Ops
>    Affects Versions: 1.8.0, 2.0.0, 2.1.0, 1.7.0
>            Reporter: Mike Sandman
>              Labels: security
>         Attachments: 2E61A402-40D0-4DDF-89E1-645DB433705B.tiff, 
> 7672FE8B-4C16-425D-8EDF-D64E882ED5D1.tiff
>
>
> The Parameters Table in Traffic Ops displays parameters found in the 
> database. When viewing "All Profiles" these parameters are displayed as part 
> of the website (i.e. in the HTML) and thus anything in angle brackets (e.g. 
> <tag>) is interpreted as valid HTML. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
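
Added example (not code from pull request #609 or from Traffic Ops): a sketch of what "render every column as text" means for the Parameters table described in the issue. The function names and sample rows are assumptions constructed for illustration, and escapeHtml is a hand-written stand-in, not the DataTables method the pull request refers to.

```javascript
// Added example. escapeHtml, textRenderer, renderCell and renderTable are
// illustrative names, not identifiers from the Traffic Ops code base.

// Escape the characters that let a cell value leave text context.
// '&' is replaced first so the entities produced below are not re-escaped.
function escapeHtml(value) {
  if (typeof value !== 'string') return value; // numbers, null etc. pass through
  return value
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// DataTables calls a column's render function as (data, type, row, meta).
// Only the 'display' form is written into the page, so only that form is
// escaped here; sorting and type detection keep working on the raw value.
function textRenderer(data, type) {
  return type === 'display' ? escapeHtml(data) : data;
}

// Column definition that applies the renderer to every column.
const columnDefs = [{ targets: '_all', render: textRenderer }];

// Minimal model of cell output, so the effect is visible without a browser.
function renderCell(data, render) {
  const shown = render ? render(data, 'display') : data;
  return '<td>' + shown + '</td>';
}

function renderTable(rows, render) {
  return rows.map(r =>
    '<tr>' + renderCell(r.name, render) + renderCell(r.value, render) + '</tr>');
}

// Constructed sample rows shaped like Parameters table entries.
const sampleRows = [
  { name: 'sample.path', value: '/opt/example/etc' },
  { name: 'sample.markup', value: '<tag>value "1"</tag>' },
];

// Without a renderer the stored markup reaches the page as markup;
// with columnDefs[0].render it is shown as literal text.
console.log(renderTable(sampleRows).join('\n'));
console.log(renderTable(sampleRows, columnDefs[0].render).join('\n'));
```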
