Bug 1001173

Summary: User notification message should escape html characters from custom info
Product: [Retired] Subscription Asset Manager
Reporter: sthirugn <sthirugn>
Component: katello
Assignee: Adam Price <adprice>
Status: CLOSED ERRATA
QA Contact: sthirugn <sthirugn>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 1.3
CC: bkearney, jweiss
Target Milestone: rc
Flags: sthirugn: automate_bug? (jweiss)
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-01 11:21:33 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 833466
Attachments:
User notification_html characters not escaped (flags: none)

Description sthirugn@redhat.com 2013-08-26 15:32:45 UTC
Description of problem:
User notification message should escape html characters from custom info


Version-Release number of selected component (if applicable):
* candlepin-0.8.21-1.el6sam.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.21-1.el6sam.noarch
* candlepin-tomcat6-0.8.21-1.el6sam.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.3-8.el6sat.noarch
* katello-cli-common-1.4.3-8.el6sat.noarch
* katello-common-1.4.3-9.el6sam_splice.noarch
* katello-configure-1.4.4-3.el6sat.noarch
* katello-glue-candlepin-1.4.3-9.el6sam_splice.noarch
* katello-glue-elasticsearch-1.4.3-9.el6sam_splice.noarch
* katello-headpin-1.4.3-9.el6sam_splice.noarch
* katello-headpin-all-1.4.3-9.el6sam_splice.noarch
* katello-selinux-1.4.4-2.el6sat.noarch
* thumbslug-0.0.32-1.el6sam.noarch
* thumbslug-selinux-0.0.32-1.el6sam.noarch

How reproducible:
Always

Steps to Reproduce:
1. Navigate to SAM UI -> Administer -> Organizations -> Select an Organization -> Default Custom Info -> Distributor Default Custom Info
2. Add a default custom info key <blink>hi</blink>
3. Try to add the same custom info key <blink>hi</blink> again

Actual results:
The notification message does not escape the html characters for <blink>hi</blink>. (Screenshot attached)

Expected results:
The notification message should escape the html characters for <blink>hi</blink>.

Additional info:
The same issue happens for the Organizations -> Distributor Default Custom Info and System Default Custom Info
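
Added example, not part of the original report and not Katello's code: a Ruby sketch of the duplicate-key notification rendered without and with output escaping, plus a regression check that could automate this bug's verification. The message wording, the Notification module and the unescaped_keys helper are assumptions made for illustration.

```ruby
require "erb"

# Hypothetical stand-in for the "duplicate custom info key" notification.
# The template text and method names are assumptions, not Katello's own.
module Notification
  TEMPLATE = "Custom info key '%s' already exists."

  # Unsafe: the user-supplied key goes into the message as-is, so markup in
  # the key becomes markup in the notification the browser renders.
  def self.render_unescaped(key)
    format(TEMPLATE, key)
  end

  # Safe: the untrusted value is HTML-escaped at the point of output.
  def self.render_escaped(key)
    format(TEMPLATE, ERB::Util.html_escape(key))
  end
end

# Regression check: returns the keys whose rendered notification still
# contains the raw key even though the key has characters that need escaping.
# The block is the renderer under test.
def unescaped_keys(keys)
  keys.select do |key|
    escaped = ERB::Util.html_escape(key)
    next false if escaped == key # nothing in this key needs escaping
    # Drop correctly escaped occurrences, then look for the raw key.
    yield(key).gsub(escaped, "").include?(key)
  end
end

# Constructed sample keys; the first is the one used in the report.
SAMPLE_KEYS = ["<blink>hi</blink>", "rack & row", "plain-key"].freeze

if __FILE__ == $PROGRAM_NAME
  puts Notification.render_unescaped(SAMPLE_KEYS.first)
  puts Notification.render_escaped(SAMPLE_KEYS.first)
  p unescaped_keys(SAMPLE_KEYS) { |k| Notification.render_unescaped(k) }
  p unescaped_keys(SAMPLE_KEYS) { |k| Notification.render_escaped(k) }
end
```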

Comment 1 sthirugn@redhat.com 2013-08-26 15:33:44 UTC
Created attachment 790565
User notification_html characters not escaped

Comment 2 Adam Price 2013-08-28 21:30:20 UTC
https://github.com/Katello/katello/pull/2836

Comment 4 sthirugn@redhat.com 2013-09-05 20:43:38 UTC
VERIFIED.

* candlepin-0.8.25-1.el6sam.noarch
* candlepin-scl-1-5.el6_4.noarch
* candlepin-scl-quartz-2.1.5-5.el6_4.noarch
* candlepin-scl-rhino-1.7R3-1.el6_4.noarch
* candlepin-scl-runtime-1-5.el6_4.noarch
* candlepin-selinux-0.8.25-1.el6sam.noarch
* candlepin-tomcat6-0.8.25-1.el6sam.noarch
* elasticsearch-0.19.9-8.el6sat.noarch
* katello-candlepin-cert-key-pair-1.0-1.noarch
* katello-certs-tools-1.4.2-2.el6sat.noarch
* katello-cli-1.4.3-10.el6sat.noarch
* katello-cli-common-1.4.3-10.el6sat.noarch
* katello-common-1.4.3-12.el6sam_splice.noarch
* katello-configure-1.4.4-4.el6sat.noarch
* katello-glue-candlepin-1.4.3-12.el6sam_splice.noarch
* katello-glue-elasticsearch-1.4.3-12.el6sam_splice.noarch
* katello-headpin-1.4.3-12.el6sam_splice.noarch
* katello-headpin-all-1.4.3-12.el6sam_splice.noarch
* katello-selinux-1.4.4-2.el6sat.noarch
* thumbslug-0.0.34-1.el6sam.noarch
* thumbslug-selinux-0.0.34-1.el6sam.noarch

Comment 6 errata-xmlrpc 2013-10-01 11:21:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1390.html