Back to bug 2127078
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2022-09-15 09:58:11 UTC | CC | | asoldano, bbaranow, bbuckingham, bcourt, bmaxwell, brian.stansberry, btotty, cdewolf, chazlett, darran.lofthouse, dkreling, dosoudil, ehelms, extras-orphan, fjuma, hhorak, iweiss, jaromir.capik, java-sig-commits, jochrist, jorton, jsherril, jwon, krathod, lgao, lzap, mhulan, mkoncek, mmccune, mosmerov, msochure, msvehla, myarboro, nmoumoul, nwallace, orabin, pcreech, pjindal, pmackay, rchan, rstancel, smaestri, tom.jenkinson |
| Sandipan Roy | 2022-09-15 09:58:31 UTC | Blocks | 2122630 | |
| Sandipan Roy | 2022-09-15 10:02:03 UTC | Depends On | 2127087, 2127084, 2127083, 2127082, 2127086, 2127085, 2127081, 2127080 | |
| Sandipan Roy | 2022-09-15 10:04:35 UTC | Doc Text | | jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. |
| RaTasha Tillery-Smith | 2022-09-15 11:57:05 UTC | Doc Text | jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. | A flaw was found in jsoup, a Java HTML parser built for HTML editing, cleaning, scraping, and Cross-site scripting (XSS) safety. An issue in jsoup may incorrectly sanitize HTML, including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML, including `javascript:` URLs crafted with control characters, will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is possible. |
| Red Hat Bugzilla | 2022-10-28 13:12:51 UTC | CC | krathod | |
| Red Hat Bugzilla | 2023-03-02 08:28:20 UTC | CC | myarboro | |
| Red Hat Bugzilla | 2023-05-15 20:18:56 UTC | CC | btotty | |
| Red Hat Bugzilla | 2023-07-07 08:35:34 UTC | Assignee | security-response-team | nobody |