Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3406 by output json without html entity escape in script tag

*** You must complete this form in its entirety, or your bug report will be
*** For customer support, please post to
*** If you have a patch, please submit it to
*** Do not post confidential information in this bug report!

What version are you running?

What's the URL of the page containing the problem?

What steps will reproduce the problem?
1. The name change to "</script><script>alert</scritp>".
2. Add comment for review diff.
3. When view diff, pop up alert.

What is the expected output? What do you see instead?

What operating system are you using? What browser?

Please provide any additional information below.

`{"name": "</script><script> alert(1)</script>"}` is valid josn.
But it output into script tag
var json = {"name": "</script><script> alert(1)</script>"};

same this
var json = {"name": "

<script> alert(1)</script>


I think the characters &, < and > should be escaped in result from simplejson.dumps, or use JSONEncoderForHTML.

You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:

You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
Visit this group at
For more options, visit

Reply via email to