Uploaded image for project: 'JCommune'
  1. JCommune
  2. JC-614

Active xss can be created using code tag

VotersWatchers
    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.13
    • Fix Version/s: 0.13
    • Labels:
      None

      Description

      Create new post with this text:

      [code=js]<script>alert('Hi!');</script>[/code]
      Refresh page.

      AR: You'll get alert with text "Hi!"

      ER: Code succesfully highlighted

        Attachments

          Issue Links

          blocks

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. JC-569 Syntax highlight

          • Major - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. JC-618 Different sources in one post are joined

          • Major - Major loss of function.
          • Closed

            Structure

              Activity

                People

                • Assignee:
                  shaddy Nikita Nazarov
                  Reporter:
                  shaddy Nikita Nazarov
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  0 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Time Tracking

                    Estimated:
                    Original Estimate - 8h
                    8h
                    Remaining:
                    Remaining Estimate - 0h
                    0h
                    Logged:
                    Time Spent - 8h
                    8h

                      Structure Helper Panel