[JC-1741] Search: layout can be broken via XSS Script - JTalks JIRA

Voters

Watchers

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4 Larks
Fix Version/s: 2.6 Larks
Labels:
None
Environment:

Firefox 26

Sprint:
2.6 Larks

Description

Precondition

open jcommune main page

Test data

<xml id="X"><a><b><script>document.vulnerable=true;</script>;

Steps to reproduce

Enter Test data in field Search
Look at result

Actual result: layout is broken (see. actual_result_XSS)
Expected result: just topic with "<xml id="X"><a><b><script>document.vulnerable=true;</script>;" text is shown

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Actual_result_XSS.png
672 kB
14/Jan/14 12:51 PM
Actual result.png
341 kB
06/Mar/14 12:52 PM

Issue Links

relates to

JC-1737 Russian symbols entered in field "Search" convert to another

Closed

Structure

Activity

People

Assignee:

Targa Florio

Reporter:

Bogdanov Igor

Votes:

0 Vote for this issue

Watchers:

6 Start watching this issue

Dates

Created:

14/Jan/14 12:51 PM

Updated:

07/Mar/14 11:37 AM

Resolved:

02/Mar/14 7:46 PM

Time Tracking

Estimated:

Remaining:

Logged:

Details

Description

Attachments

Attachments

Issue Links

Structure

Activity

People

Dates

Time Tracking

Structure Helper Panel