-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.0 Penguins
-
Fix Version/s: 1.0.1 Penguins
-
Labels:None
-
Sprint:2.0 Penguins
Steps to reproduce:
- Put into the search box on the main page:
<style> *{border: solid 1px red;}</style>
AR: all the elements on the page are bordered with red.
ER: the input is treated as tags
Well, actually you can. Btw, some why when I enter <head> as a tag, I can't just press on this tag because it leads to nowhere.
it's not malicious and it's not "cross-site" 
it leads to nowhere because html stripped from tag name before output
Well, it's still something that can disappoint user 
normal user wouldn't enter html tags here
Test Environment
Firefox 17.0.1, Chrome 23.0.1271.97, Opera 12.11 Build:1661
Test Scenario
Steps
1. Put into the search field
<style> *{border: solid 1px red;}</style>
Actual result - entered text handled as tag
Expected result - entered text handled as tag
Regression tests:
Search for tags works as usual
Test results:
Bug should be close
Artem R did you tru also other XSS and sql injection for this field?
it's not XSS. you cant give someone link with some malicious script inside.