Description of problem:
During verification of Bug 438142 I found possible double escaping in Messaging › amqp-broker › Queue

Version-Release number of selected component (if applicable):
cumin-0.1.5192-3.el5.noarch
cumin-0.1.5192-4.el6.noarch

How reproducible:
100%

Steps to Reproduce:
1. Messaging › amqp-broker
2. Add queue - <script>alert(1)</script>
3. Look into queue details

Actual results:
<script>alert(1)</script>

Expected results:
<script>alert(1)</script>

Additional info:
The same with drilling into submitted job. 'Details tab' with queue name or job description looks ok, but Breadcrumbs above are broken.
(In reply to comment #1)
> The same with drilling into submitted job. 'Details tab' with queue name or job
> description looks ok, but Breadcrumbs above are broken.

Yes, this is probably a bug. This comes under my comment from 438142: "There are a few other places where I inadvertently created double escapes, like breadcrumbs, however these are harder to track down and no legitimate objects are at all likely to contain <, &, or > anyway so the double escape doesn't really matter."
Also present in Go to cumin-grid-configuration-'Create tag'
Changed the title of this BZ. This is a general problem that I believe can be handled in the xml_escape() routine itself. The code needs to check for escape sequences in the string passed in and act accordingly.
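The approach proposed in the comment above, sketched as an added example (not cumin's code and not the change made in trunk): an escape routine that leaves already-formed entity references alone, so a second pass over the same string, as happens in the breadcrumbs, changes nothing. The function names xml_escape_naive and xml_escape_idempotent and the sample strings are assumptions made for illustration.

```python
import re

# An '&' that does NOT begin one of the five predefined XML entities
# or a numeric character reference. Only these are treated as "bare".
_BARE_AMP = re.compile(
    r"&(?!(?:amp|lt|gt|quot|apos);|#[0-9]+;|#x[0-9A-Fa-f]+;)"
)


def xml_escape_naive(s):
    """Escapes every '&', so calling it twice double-escapes."""
    return (s.replace("&", "&amp;").replace("<", "&lt;")
             .replace(">", "&gt;").replace('"', "&quot;"))


def xml_escape_idempotent(s):
    """Escapes markup characters but skips '&' that already starts an entity.

    '<', '>' and '"' are always escaped, so the output never contains live
    markup no matter how many layers call this function.
    Trade-off: a user who literally types '&lt;' will see '<' rendered,
    because that input is indistinguishable from an earlier escape pass.
    """
    s = _BARE_AMP.sub("&amp;", s)
    return s.replace("<", "&lt;").replace(">", "&gt;").replace('"', "&quot;")


def render_twice(escape, value):
    """Models a value escaped by one widget and again by the breadcrumb."""
    return escape(escape(value))


if __name__ == "__main__":
    # Constructed sample values; the first is the queue name from this report.
    for name in ["<script>alert(1)</script>", "AT&T", "a &bogus; b"]:
        print(repr(name))
        print("  naive x2:     ", render_twice(xml_escape_naive, name))
        print("  idempotent x2:", render_twice(xml_escape_idempotent, name))
```

Escaping exactly once at the point of output avoids the trade-off noted in the docstring; the idempotent routine is a fallback for code paths where the number of escaping layers is not under control.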
Fixed in trunk revision 5470.
Tested on RHEL 5/6 i386/x86_64
cumin-0.1.5648-1

Comment 0
Comment 1 - Job submission is sanitized for XML special characters
Comment 4

--> VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0564.html