Bug 194515 - Action message for creating group does not escape all characters.
Action message for creating group does not escape all characters.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Web Site (Show other bugs)
rhn420
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mike McCune
Red Hat Satellite QA List
:
Depends On:
Blocks: 165365
  Show dependency treegraph
 
Reported: 2006-06-08 13:36 EDT by Ken Ganong
Modified: 2012-10-05 05:27 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-05 05:27:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
sad results (175.63 KB, image/png)
2006-06-08 13:36 EDT, Ken Ganong
no flags Details
Showing that today in Satellite, we are much more sane (152.73 KB, image/png)
2012-10-05 05:26 EDT, Clifford Perry
no flags Details

  None (edit)
Description Ken Ganong 2006-06-08 13:36:57 EDT
To recreate / testplan:
1. Login
2. Go to system groups page
3. Click to create a group.
4. put in a group name with lots of strange characters,  Here's two fun ones:
    !@#$%^ <
    !@">#&$%
5. See the ugliness.

Actual results: The Action message includes only part of the group name.

Expected results: The Action message contains the entire group name displayed
correctly.  Also verify that the rest of the page has valid and sensible html.
Comment 1 Ken Ganong 2006-06-08 13:36:57 EDT
Created attachment 130769 [details]
sad results
Comment 2 Ken Ganong 2006-12-15 15:49:22 EST
Reassigning a bunch of my bugs to mmccune so they aren't forgotten.
Comment 3 Clifford Perry 2012-10-05 05:26:30 EDT
Created attachment 622061 [details]
Showing that today in Satellite, we are much more sane

Reviewing the current 5.5 Satellite behavior I would say that this is now resolved. We will remove < > chars, and otherwise, display and use the crazy chars for system group names without issue. This is same for many area's of the UI we have fixed over the past couple of years for correctly escaping and filtering chars, etc to prevent cross-site scripting and other potential attacks. 

Cliff

Note You need to log in before you can comment on or make changes to this bug.