[jira] [Assigned] (TC-225) Entries in Parameters table are not HTML escaped when displayed

Dan Kirkwood (JIRA) Fri, 30 Jun 2017 08:50:55 -0700

     [ 
https://issues.apache.org/jira/browse/TC-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dan Kirkwood reassigned TC-225:
-------------------------------

    Assignee: Dan Kirkwood

PeterRyder of Cisco fixed this for 2.0.0

> Entries in Parameters table are not HTML escaped when displayed
> ---------------------------------------------------------------
>
>                 Key: TC-225
>                 URL: https://issues.apache.org/jira/browse/TC-225
>             Project: Traffic Control
>          Issue Type: Bug
>          Components: Traffic Ops
>    Affects Versions: 2.1.0, 2.0.0, 1.8.0, 1.7.0
>            Reporter: Mike Sandman
>            Assignee: Dan Kirkwood
>              Labels: security
>         Attachments: 2E61A402-40D0-4DDF-89E1-645DB433705B.tiff, 
> 7672FE8B-4C16-425D-8EDF-D64E882ED5D1.tiff
>
>
> The Parameters Table in Traffic Ops displays parameters found in the 
> database. When viewing "All Profiles" these parameters are displayed as part 
> of the website (i.e. in the HTML) and thus anything in angle brackets (e.g. 
> <tag>) is interpreted as valid HTML. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Assigned] (TC-225) Entries in Parameters table are not HTML escaped when displayed

Reply via email to