746379 – messages show HTML, rather than rendering it

Bug 746379 - messages show HTML, rather than rendering it

Summary: messages show HTML, rather than rendering it

Keywords:
Status:	CLOSED DUPLICATE of bug 744770
Alias:	None
Product:	RHQ Project
Classification:	Other
Component:	Core UI
Sub Component:
Version:	4.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Heiko W. Rupp
QA Contact:	Mike Foley
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-10-15 06:07 UTC by John Mazzitelli
Modified:	2011-10-15 08:15 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-10-15 08:15:06 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	742614	1	None	None	None	2021-01-20 06:05:38 UTC

Internal Links: 742614

Description John Mazzitelli 2011-10-15 06:07:01 UTC

I saw a message in the message bar after creating a group, something like:

"you created group <a href="#Group/10000">My Group</a>"

Looks like we are dumping the HTML directly, not rendering it. We should take out the links or render the HTML properly.

Need to go through all our code to see where we log HTML messages to see if this happens elsewhere (it probably does).

Comment 1 Heiko W. Rupp 2011-10-15 08:07:36 UTC

This is "fallout" from the sanitizing of Messages ( BZ 742614 ), where the html gets escaped in order to prevent attacks that way.

And yes I agree, this needs to be fixed - especially as the table below immediately shows the new group.

Comment 2 Heiko W. Rupp 2011-10-15 08:15:06 UTC


*** This bug has been marked as a duplicate of bug 744770 ***

Note You need to log in before you can comment on or make changes to this bug.