Bug 982488
| Summary: | html in permission description | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Ales Dujicek <adujicek> | ||||
| Component: | WebUI | Assignee: | Eric Helms <ehelms> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ales Dujicek <adujicek> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | Nightly | CC: | cwelton, ehelms, jmontleo | ||||
| Target Milestone: | Unspecified | Keywords: | Triaged | ||||
| Target Release: | Unused | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-04-24 17:09:57 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. Fix available as of 0860e230be29ee26a6b4657ecf0bb886f684937e Verified. katello-all-1.4.6-39.el6sat.noarch katello-selinux-1.4.4-4.el6sat.noarch katello-qpid-broker-key-pair-1.0-1.noarch katello-1.4.6-39.el6sat.noarch signo-katello-0.0.22-2.el6sat.noarch katello-configure-foreman-proxy-1.4.7-5.el6sat.noarch katello-glue-candlepin-1.4.6-39.el6sat.noarch katello-glue-pulp-1.4.6-39.el6sat.noarch katello-cli-common-1.4.3-24.el6sat.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-configure-1.4.7-5.el6sat.noarch katello-glue-elasticsearch-1.4.6-39.el6sat.noarch katello-configure-foreman-1.4.7-5.el6sat.noarch katello-foreman-all-1.4.6-39.el6sat.noarch pulp-katello-plugins-0.2-1.el6sat.noarch ruby193-rubygem-foreman-katello-engine-0.0.17-6.el6sat.noarch ruby193-rubygem-katello-foreman-engine-0.0.11-3.el6sat.noarch ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch katello-common-1.4.6-39.el6sat.noarch katello-cli-1.4.3-24.el6sat.noarch katello-certs-tools-1.4.4-1.el6sat.noarch katello-qpid-client-key-pair-1.0-1.noarch This was verified and delivered with MDP2. Closing it out. This was delivered and verified with MDP2. Closing the bug. |
Created attachment 770830 [details] html in permission description Description of problem: html in permission description is not escaped Version-Release number of selected component (if applicable): katello-1.4.2-18.el6sat.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-agent-1.4.3-1.git.1.24fe511.el6.noarch katello-certs-tools-1.4.2-2.el6sat.noarch katello-configure-1.4.3-16.el6sat.noarch katello-glue-pulp-1.4.2-18.el6sat.noarch katello-all-1.4.2-18.el6sat.noarch katello-cli-common-1.4.2-8.el6sat.noarch ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch signo-katello-0.0.19-1.el6sat.noarch katello-glue-elasticsearch-1.4.2-18.el6sat.noarch katello-configure-foreman-1.4.3-16.el6sat.noarch katello-foreman-all-1.4.2-18.el6sat.noarch katello-qpid-client-key-pair-1.0-1.noarch katello-cli-1.4.2-8.el6sat.noarch ruby193-rubygem-katello_api-0.0.3-2.el6_4.noarch katello-common-1.4.2-18.el6sat.noarch katello-selinux-1.4.3-3.el6sat.noarch katello-glue-candlepin-1.4.2-18.el6sat.noarch ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch katello-qpid-broker-key-pair-1.0-1.noarch How reproducible: always Steps to Reproduce: 1. Administer > Roles > select role 2. Permissions > Global permissions > Add permission 3. choose any scope etc., fill html like <script>alert('foo');</script> or <h2>ht<font color=red>ml</font> !!</h2> to description 4. open permission details Actual results: Expected results: Additional info: