Bug 987909

Summary: Org names rendered as HTML
Product: [Retired] Subscription Asset Manager
Reporter: Jeff Weiss <jweiss>
Component: katello
Assignee: Adam Price <adprice>
Status: CLOSED ERRATA
QA Contact: Tazim Kolhar <tkolhar>
Severity: urgent
Priority: unspecified
Version: 1.3
CC: cwelton, dajohnso, sthirugn, tkolhar, tomckay
Target Milestone: rc
Keywords: Regression
Flags: jweiss: automate_bug+
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of:
: 995936
Last Closed: 2013-10-01 11:14:23 UTC
Type: Bug
Bug Blocks: 833466, 995936
Attachments: Org Created not rendered as HTML tags (flags: none)

Description Jeff Weiss 2013-07-24 12:03:58 UTC
Description of problem:


Version-Release number of selected component (if applicable):
1.4.2-1.git.961.e5d1bd2.el6

How reproducible:


Steps to Reproduce:
1. Create org called "<a href='foo'>Click here</a>"
2.
3.

Actual results:
org created, notification displayed with "Click here" link that actually points at 'foo'.

Expected results:
Validation fail

Additional info:

Comment 2 Jeff Weiss 2013-07-24 12:44:27 UTC
Note, the Expected Result should be
Notification displayed with org name escaped
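
The reported behaviour next to the escaped output that Comment 2 asks for, as an added Ruby example that is not Katello's code or the fix from the linked pull request. The message template, the `div` wrapper and the function names are assumptions; only the org name comes from the reproduction step.

```ruby
require 'erb'

# Hypothetical notification template; the real Katello markup is not shown in this bug.
TEMPLATE = "Organization '%s' was created."

# Org name taken from step 1 of the reproduction steps.
ORG_NAME = "<a href='foo'>Click here</a>"

# Before: the user-supplied name is placed into the markup as-is,
# so any tags it contains are interpreted by the browser.
def notice_unescaped(org_name)
  "<div class=\"notice\">#{format(TEMPLATE, org_name)}</div>"
end

# After: the name is HTML-escaped at output time. The org can still be
# created with this name; it is simply displayed as literal text.
def notice_escaped(org_name)
  "<div class=\"notice\">#{format(TEMPLATE, ERB::Util.html_escape(org_name))}</div>"
end

# Regression check for an automated test: list every element opened in the
# rendered notice that the template itself did not put there.
def injected_tags(html)
  html.scan(/<\s*([a-zA-Z][a-zA-Z0-9]*)/).flatten.map(&:downcase) - ['div']
end

if __FILE__ == $PROGRAM_NAME
  puts notice_unescaped(ORG_NAME)
  puts "injected: #{injected_tags(notice_unescaped(ORG_NAME)).inspect}"
  puts notice_escaped(ORG_NAME)
  puts "injected: #{injected_tags(notice_escaped(ORG_NAME)).inspect}"
end
```
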

Comment 3 Adam Price 2013-07-24 22:08:43 UTC
https://github.com/Katello/katello/pull/2680

Comment 4 Bryan Kearney 2013-08-02 18:52:09 UTC
SNAP0 contains these bug fixes. Moving to ON_QA.

Comment 7 Tazim Kolhar 2013-08-12 13:32:49 UTC
Created attachment 785685
Org Created not rendered as HTML tags

VERIFIED :

# rpm -qa | grep katello
katello-selinux-1.4.4-2.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-cli-common-1.4.3-5.el6sat.noarch
katello-cli-1.4.3-5.el6sat.noarch
katello-common-1.4.3-6.el6sam_splice.noarch
katello-configure-1.4.4-2.el6sat.noarch
katello-glue-elasticsearch-1.4.3-6.el6sam_splice.noarch
katello-headpin-all-1.4.3-6.el6sam_splice.noarch
katello-glue-candlepin-1.4.3-6.el6sam_splice.noarch
signo-katello-0.0.10-2.el6sat.noarch
katello-headpin-1.4.3-6.el6sam_splice.noarch

Comment 9 errata-xmlrpc 2013-10-01 11:14:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1390.html