Bug 1405023

Summary: Cannot delete or edit created hardware model
Product: Red Hat Satellite
Reporter: Sanket Jagtap <sjagtap>
Component: WebUI
Assignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE
QA Contact: Katello QA List <katello-qa-list>
Severity: unspecified
Priority: unspecified
Version: 6.2.6
CC: inecas, sjagtap
Target Milestone: Unspecified
Target Release: Unused
Hardware: Unspecified
OS: Unspecified
Last Closed: 2016-12-16 11:43:11 UTC
Type: Bug
Attachments: Editing (flags: none)

Description Sanket Jagtap 2016-12-15 12:14:54 UTC
Description of problem:


Version-Release number of selected component (if applicable):
Build : Satellite 6.2.5

How reproducible:


Steps to Reproduce:
1. Go to hosts -> Provisioning setup -> Click hardware models
2. Create a hardware model with HTML tags (e.g. <script>alert(1)<script> or <frameset>abc</frameset>)
3. Now try to edit or delete the hardware model.

Actual results:
The hardware model is not deleted or edited; when you try to do so, it is redirected.
Not Found
The requested URL /models/<script>alert(1)</script>

Expected results:
The hardware model should be deleted or edited

Additional info:

Comment 3 Ivan Necas 2016-12-15 14:24:06 UTC
I can't reproduce this on either Firefox or Chrome. Please provide additional information about the reproducer, including logs, browser and anything that might be useful to reproduce and investigate.

Comment 4 Ivan Necas 2016-12-15 14:52:07 UTC
The problem seems to be with capturing the delete button, where you need to click directly on the "Delete" label, not just the button (when it's outside of the text).

Comment 5 Sanket Jagtap 2016-12-15 15:03:47 UTC
Created attachment 1232206
Editing

When we edit the model

Comment 6 Sanket Jagtap 2016-12-15 15:04:46 UTC
Even if the Delete label is clicked, a JavaScript alert confirmation box appears, and on clicking yes we are redirected to a page where it says
Not Found

The requested URL /models/<script>alert(1)</script>AAAAAAA was not found on this server. 


Also, cannot edit the hardware model; screenshot attached.

Comment 7 Ivan Necas 2016-12-15 16:03:12 UTC
Connecting redmine issue http://projects.theforeman.org/issues/17686 from this bug

Comment 8 Ivan Necas 2016-12-15 16:25:02 UTC
I was first investigating another issue I hit on the hw model deletion. Is it a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1265150? If so, please close this BZ as a duplicate of it instead of filing a new one.

Comment 9 Sanket Jagtap 2016-12-16 11:43:11 UTC

*** This bug has been marked as a duplicate of bug 1265150 ***