Red Hat Bugzilla – Bug 1215024
search bar does not escape </script> tags when producing JSON
Last modified: 2018-02-05 19:41:31 EST
Description of problem:
The search bar code for emitting the "search object" onto the page (JS object defining all possible search fields, operations, and values) does not correctly escape </script> tags appearing in string literals.
If the admin defines a key type or arch containing </script>... it will appear unescaped in the page.
Basically a dupe of bug 1209736 because the search bar code is not using tg.to_json like everything else.
Version-Release number of selected component (if applicable):
affects all Beaker versions since 2011 or earlier
How reproducible:
with admin access
Steps to Reproduce:
1. As an admin, add a key type: <script>alert('xss')</script>
2. Go to the systems page
Actual results:
'xss' alert appears. </script> is unescaped inside the JS string literal.
Expected results:
</script> is escaped correctly.
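The failure described in this report, as an added example that is not Beaker's code: plain JSON output placed in an inline script block lets a `</script>` inside a string literal end the script element early, while escaping `<`, `>` and `&` as `\uXXXX` keeps the block intact. The function names, the page template and the sample search object are assumptions made for illustration; only the key type value comes from the report.

```python
import json
from html.parser import HTMLParser

# Constructed sample data: a tiny "search object" holding the key type from the report.
SEARCH_OBJECT = {"key_types": ["MODULE", "<script>alert('xss')</script>"]}

def to_json_naive(obj):
    # Valid JSON, but "</script>" stays literal inside the string.
    return json.dumps(obj)

def to_json_for_script(obj):
    # Emit <, > and & as \uXXXX escapes: JSON and JavaScript decode them back
    # to the same characters, and the HTML tokenizer never sees a tag.
    out = json.dumps(obj)
    for ch in "<>&":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out

def render_page(json_text):
    # Hypothetical page template that inlines the object into a script block.
    return "<html><body><script>var search_object = %s;</script></body></html>" % json_text

class ScriptAudit(HTMLParser):
    """Collects the body of each <script> element as an HTML tokenizer sees it."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def script_bodies(page):
    audit = ScriptAudit()
    audit.feed(page)
    audit.close()
    return audit.scripts

if __name__ == "__main__":
    print("naive :", script_bodies(render_page(to_json_naive(SEARCH_OBJECT))))
    print("safe  :", script_bodies(render_page(to_json_for_script(SEARCH_OBJECT))))
```

With the naive serializer the script body stops in the middle of the string literal and the rest of the object spills into the page as markup; with the escaped serializer the whole statement stays inside one script element.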
Created attachment 1020004
Verified this issue.
The result is PASS.
Version: Beaker 20.1.git.5.24dc482
Beaker 20.1 has been released.