[ https://issues.apache.org/jira/browse/TC-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Friedrich updated TC-225: ------------------------------ Attachment: 7672FE8B-4C16-425D-8EDF-D64E882ED5D1.tiff 2E61A402-40D0-4DDF-89E1-645DB433705B.tiff Screenshots from TO1.7 > Entries in Parameters table are not HTML escaped when displayed > --------------------------------------------------------------- > > Key: TC-225 > URL: https://issues.apache.org/jira/browse/TC-225 > Project: Traffic Control > Issue Type: Bug > Components: Traffic Ops > Affects Versions: 1.8.0, 2.0.0, 2.1.0, 1.7.0 > Reporter: Mike Sandman > Labels: security > Attachments: 2E61A402-40D0-4DDF-89E1-645DB433705B.tiff, > 7672FE8B-4C16-425D-8EDF-D64E882ED5D1.tiff > > > The Parameters Table in Traffic Ops displays parameters found in the > database. When viewing "All Profiles" these parameters are displayed as part > of the website (i.e. in the HTML) and thus anything in angle brackets (e.g. > <tag>) is interpreted as valid HTML. -- This message was sent by Atlassian JIRA (v6.3.15#6346)