Bug 794394 (JBEPP-1438)
| Summary: | Invalid page title of page causes inability to edit node | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Enterprise Portal Platform 5 | Reporter: | Viliam Rockai <vrockai> |
| Component: | Portal | Assignee: | Nobody <nobody> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.2.0.GA | CC: | epp-bugs, theute |
| Target Milestone: | --- | ||
| Target Release: | 5.2.1.ER02 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://jira.jboss.org/jira/browse/JBEPP-1438 | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | An issue with field value validation in page title fields caused angle brackets to be added verbatim to the page title. These verbatim characters resulted in portal page errors because the angle brackets were not substituted with HTML character references when the form was saved. The fix introduces NoHTMLTagValidator logic in page title fields, which prevents verbatim angle brackets from being entered into the field. Angle brackets can be included in titles, providing the correct HTML character references are declared: &lt; and &gt; | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2025-02-10 03:15:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I can't reproduce on EPP 5.2. Viliam, any better description on how to reproduce?
I was just able to reproduce again. Let me rewrite the steps in more detail:
- login as root
- go to the "Site" menu
- click on "Edit Navigation" for "classic" portal
- on the "SiteMap" node right click and select "Edit Node's Page" from the menu
- in the "Page Editor" window on the right, click on "View page properties"
- put "Site Map<script>alert('a');</script>" into the "Page title" input
- save
If you try now to edit node "SiteMap" in "Edit Navigation" mode in the "Site" administrator page, nothing will happen. This issue causes even more trouble, like an error when clicking on "View page properties" for other node pages.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
CAUSE: Entered text becomes part of portal page HTML as-is, including special characters like angle brackets
CONSEQUENCE: Entered text can break a portal page
FIX: Prevent entry of angle brackets using NoHTMLTagValidator
RESULT: Text that could break a portal page can't be entered any more. If angle brackets are desired in the output, character references can be used - &lt; and &gt;
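The rule this technical note describes, plus a check for titles saved before it was enforced, as an added example (not code from GateIn or JBoss EPP). `isAcceptable` is a hypothetical stand-in for the NoHTMLTagValidator rule, assumed here to reject any verbatim `<` or `>`; the page names and the sample map are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not GateIn/EPP source. The rule below is an assumption
// based on the technical note: a title is rejected if it contains a verbatim
// '<' or '>'; character references such as &lt; and &gt; are accepted.
public class PageTitleAudit {

    // Hypothetical stand-in for the check the note attributes to NoHTMLTagValidator.
    // A missing title has nothing to reject.
    static boolean isAcceptable(String title) {
        return title == null || (title.indexOf('<') < 0 && title.indexOf('>') < 0);
    }

    // Rewrite a stored title so it passes the check and, when emitted into the
    // page as-is, displays the brackets as text instead of being parsed as markup.
    static String toCharacterReferences(String title) {
        return title.replace("<", "&lt;").replace(">", "&gt;");
    }

    // Return the titles saved before the validator existed that would now be rejected.
    static Map<String, String> findRejected(Map<String, String> titlesByPage) {
        Map<String, String> rejected = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : titlesByPage.entrySet()) {
            if (!isAcceptable(e.getValue())) {
                rejected.put(e.getKey(), e.getValue());
            }
        }
        return rejected;
    }

    public static void main(String[] args) {
        // Constructed sample data; the page names are placeholders.
        Map<String, String> stored = new LinkedHashMap<>();
        stored.put("sitemap", "Site Map<script>alert('a');</script>"); // title from the report
        stored.put("home", "Home");
        stored.put("compare", "A &lt; B"); // already uses a character reference

        for (Map.Entry<String, String> e : findRejected(stored).entrySet()) {
            System.out.println(e.getKey() + ": " + e.getValue()
                    + " -> " + toCharacterReferences(e.getValue()));
        }
    }
}
```

Input validation only covers new submissions, so the audit step matters for any title stored while the field still accepted angle brackets.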
Technical note updated. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
Diffed Contents:
@@ -1,4 +1 @@
-CAUSE: Entered text becomes part of portal page HTML as-is, including special characters like angle brackets
+An issue with field value validation in page title fields caused angle brackets to be added verbatim to the page title. These verbatim characters resulted in portal page errors because the angle brackets were not substituted with HTML character references when the form was saved. The fix introduces NoHTMLTagValidator logic in page title fields, which prevents verbatim angle brackets from being entered into the field. Angle brackets can be included in titles, providing the correct HTML character references are declared: &lt; and &gt;-CONSEQUENCE: Entered text can break a portal page
-FIX: Prevent entry of angle brackets using NoHTMLTagValidator
-RESULT: Text that could break a portal page can't be entered any more. If angle brackets are desired in the output, character references can be used - < and >
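Review bot: the added paragraph drops the old CAUSE line's statement that entered text becomes part of the portal page HTML as-is and replaces it with "an issue with field value validation", which no longer tells the reader why a bracket in a title breaks the page; keep that sentence in the new text. The paragraph also covers only new input ("prevents verbatim angle brackets from being entered"), so it should say what happens to titles that were already saved with angle brackets. Minor wording: "providing the correct HTML character references are declared" reads better as "provided the character references &lt; and &gt; are used".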
This product has been discontinued or is no longer tracked in Red Hat Bugzilla.
project_key: JBEPP
- go to site menu
- click on edit navigation for classic portal
- click on edit node page for "sitemap" node
- click on view page properties
- put "Site Map<script>alert('a');</script>" into the page title
- save
if you try now to edit node "sitemap" nothing will happen