[JC-1300] XSS: possibility to enter code in pagination - JTalks JIRA

Voters

Watchers

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 1.3 Larks
Fix Version/s: 1.4 Larks
Labels:
None

Sprint:
1.3 Larks, 1.4 Larks

Description

Steps to reproduce:
1. Go to http://uat.jtalks.org/jcommune/search/?searchText=%3CMETA+HTTP-EQUIV%3D%27Refresh%27+content+%3D%270%3B+URL%3Dhttp%3A%2F%2Fya.ru%27%3E

Actual Result: Code is shown in pagination
Expected result: there is page numbers in pagination field

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

code_on_page.png
291 kB
07/Feb/13 7:48 PM

Issue Links

clones

QASANDBOX-22 Результат поиска. Часть кода вместо номера страницы

Open

relates to

JC-1334 Error 404 is shown in case there is / or \ in search query

Open

Structure

Activity

People

Assignee:

Julia Atlygina

Reporter:

Galina

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

07/Feb/13 7:48 PM

Updated:

25/Feb/13 1:56 AM

Resolved:

18/Feb/13 10:39 AM

Time Tracking

Estimated:

0h

Remaining:

0h

Logged:

6h

Structure Helper Panel