Uploaded image for project: 'Antarcticle'
  1. Antarcticle
  2. ANTARCTICLE-150

<script> text isn't shown in articles and comments

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.1 Penguins
    • Fix Version/s: 2.0
    • Labels:
      None
    • Environment:

      Mozila Firefox

      Description

      Steps:
      1. Go to http://uat.jtalks.org/antarcticle/ and sign in
      2. Click "Write article"
      3. Enter <script>alert('aa')</script>
      4. Click "Post article"

      Actual Result: appears alert('aa');
      Expected Result: appears <script>alert('aa')</script> (like in JCommune)

      Note, that the same behaviour reproduces in the comments fields.

        Attachments

          Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. ANTARCTICLE-192 XSS vulnerability in comments

          • Major - Major loss of function.
          • Closed
          Testing discovered

          Bug - A problem which impairs or prevents the functions of the product. ANTARCTICLE-195 Script doesn't shown on Read Article if posted without markdown

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Structure

              Activity

                People

                • Assignee:
                  Keiran Keiran
                  Reporter:
                  curcubeu Larisa
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel