Bug 809006

Summary: Double escaping html strings
Product: Red Hat Enterprise MRG Reporter: Stanislav Graf <sgraf>
Component: cuminAssignee: Chad Roberts <croberts>
Status: CLOSED ERRATA QA Contact: Stanislav Graf <sgraf>
Severity: medium Docs Contact:
Priority: low    
Version: DevelopmentCC: croberts, matt, tmckay
Target Milestone: 2.3   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cumin-0.1.5492-1 Doc Type: Bug Fix
Doc Text:
Cause: Strings containing special XML characters were being double-escaped. Consequence: Text containing special XML characters was being displayed incorrectly. Fix: Our xml_escape routine is now preventing double-escaping. Result: Strings that contain special XML characters should now display correctly.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-06 18:43:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Stanislav Graf 2012-04-02 08:19:32 UTC 
Description of problem:
During verification of Bug 438142
I found possible double escaping in Messaging › amqp-broker › Queue

Version-Release number of selected component (if applicable):
cumin-0.1.5192-3.el5.noarch
cumin-0.1.5192-4.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. Messaging › amqp-broker
2. Add queue - <script>alert(1)</script>
3. Look into queue details
  
Actual results:
&lt;script&gt;alert(1)&lt;/script&gt;

Expected results:
<script>alert(1)</script>

Additional info:
Comment 1 Stanislav Graf 2012-04-02 09:03:01 UTC 
The same with drilling into submitted job. 'Details tab' with queue name or job description looks ok, but Breadcrumbs above are broken.
Comment 3 Trevor McKay 2012-04-02 10:21:29 UTC 
(In reply to comment #1)
> The same with drilling into submitted job. 'Details tab' with queue name or job
> description looks ok, but Breadcrumbs above are broken.

Yes, this is probably a bug.  This comes under my comment from 438142:

"There are a few other places where I inadvertently created double escapes, like
breadcrumbs, however these are harder to track down and no legitimate objects
are at all likely to contain <, &, or > anyway so the double escape doesn't
really matter."
Comment 4 Stanislav Graf 2012-04-03 08:12:37 UTC 
Also present in 
Go to cumin-grid-configuration-'Create tag'
Comment 5 Trevor McKay 2012-07-25 20:05:22 UTC 
Changed the title of this BZ.

This is a general problem that I believe can be handled in the xml_escape() routine itself.  The code needs to check for escape sequences in the string passed in and act accordingly.
Comment 6 Chad Roberts 2012-09-18 19:54:13 UTC 
Fixed in trunk revision 5470.
Comment 10 Stanislav Graf 2013-01-10 13:27:04 UTC 
Tested on RHEL 5/6 i386/x86_64
cumin-0.1.5648-1

Comment 0
Comment 1 - Job submission is sanitized for XML special characters
Comment 4

--> VERIFIED
Comment 12 errata-xmlrpc 2013-03-06 18:43:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0564.html