Red Hat Bugzilla – Bug 194515
Action message for creating group does not escape all characters.
Last modified: 2012-10-05 05:27:42 EDT
To recreate / testplan:
2. Go to system groups page
3. Click to create a group.
4. put in a group name with lots of strange characters, Here's two fun ones:
5. See the ugliness.
Actual results: The Action message includes only part of the group name.
Expected results: The Action message contains the entire group name displayed
correctly. Also verify that the rest of the page has valid and sensible html.
Created attachment 130769 [details]
Reassigning a bunch of my bugs to mmccune so they aren't forgotten.
Created attachment 622061 [details]
Showing that today in Satellite, we are much more sane
Reviewing the current 5.5 Satellite behavior I would say that this is now resolved. We will remove < > chars, and otherwise, display and use the crazy chars for system group names without issue. This is same for many area's of the UI we have fixed over the past couple of years for correctly escaping and filtering chars, etc to prevent cross-site scripting and other potential attacks.