[jira] [Updated] (TC-225) Entries in Parameters table are not HTML escaped when displayed

Eric Friedrich (JIRA) Mon, 10 Apr 2017 09:42:56 -0700

     [ 
https://issues.apache.org/jira/browse/TC-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Eric Friedrich updated TC-225:
------------------------------
    Attachment: 7672FE8B-4C16-425D-8EDF-D64E882ED5D1.tiff
                2E61A402-40D0-4DDF-89E1-645DB433705B.tiff

Screenshots from TO1.7

> Entries in Parameters table are not HTML escaped when displayed
> ---------------------------------------------------------------
>
>                 Key: TC-225
>                 URL: https://issues.apache.org/jira/browse/TC-225
>             Project: Traffic Control
>          Issue Type: Bug
>          Components: Traffic Ops
>    Affects Versions: 1.8.0, 2.0.0, 2.1.0, 1.7.0
>            Reporter: Mike Sandman
>              Labels: security
>         Attachments: 2E61A402-40D0-4DDF-89E1-645DB433705B.tiff, 
> 7672FE8B-4C16-425D-8EDF-D64E882ED5D1.tiff
>
>
> The Parameters Table in Traffic Ops displays parameters found in the 
> database. When viewing "All Profiles" these parameters are displayed as part 
> of the website (i.e. in the HTML) and thus anything in angle brackets (e.g. 
> <tag>) is interpreted as valid HTML. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (TC-225) Entries in Parameters table are not HTML escaped when displayed

Reply via email to