Bug 982488 - html in permission description
html in permission description
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: WebUI (Show other bugs)
Nightly
Unspecified Unspecified
unspecified Severity medium (vote)
: Unspecified
: --
Assigned To: Eric Helms
Ales Dujicek
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-09 03:32 EDT by Ales Dujicek
Modified: 2014-04-24 13:11 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-04-24 13:09:57 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
html in permission description (10.98 KB, image/png)
2013-07-09 03:32 EDT, Ales Dujicek
no flags Details

  None (edit)
Description Ales Dujicek 2013-07-09 03:32:29 EDT
Created attachment 770830 [details]
html in permission description

Description of problem:

html in permission description is not escaped


Version-Release number of selected component (if applicable):
katello-1.4.2-18.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-agent-1.4.3-1.git.1.24fe511.el6.noarch
katello-certs-tools-1.4.2-2.el6sat.noarch
katello-configure-1.4.3-16.el6sat.noarch
katello-glue-pulp-1.4.2-18.el6sat.noarch
katello-all-1.4.2-18.el6sat.noarch
katello-cli-common-1.4.2-8.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.8-6.el6sat.noarch
signo-katello-0.0.19-1.el6sat.noarch
katello-glue-elasticsearch-1.4.2-18.el6sat.noarch
katello-configure-foreman-1.4.3-16.el6sat.noarch
katello-foreman-all-1.4.2-18.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch
katello-cli-1.4.2-8.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-2.el6_4.noarch
katello-common-1.4.2-18.el6sat.noarch
katello-selinux-1.4.3-3.el6sat.noarch
katello-glue-candlepin-1.4.2-18.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.3-6.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch

How reproducible:
always

Steps to Reproduce:
1. Administer > Roles > select role
2. Permissions > Global permissions > Add permission
3. choose any scope etc., fill html like <script>alert('foo');</script> or <h2>ht<font color=red>ml</font> !!</h2> to description
4. open permission details

Actual results:


Expected results:


Additional info:
Comment 1 RHEL Product and Program Management 2013-09-17 00:23:40 EDT
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 4 Eric Helms 2013-10-08 16:39:31 EDT
Fix available as of 0860e230be29ee26a6b4657ecf0bb886f684937e
Comment 7 Ales Dujicek 2013-10-18 07:42:26 EDT
Verified.

katello-all-1.4.6-39.el6sat.noarch
katello-selinux-1.4.4-4.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-1.4.6-39.el6sat.noarch
signo-katello-0.0.22-2.el6sat.noarch
katello-configure-foreman-proxy-1.4.7-5.el6sat.noarch
katello-glue-candlepin-1.4.6-39.el6sat.noarch
katello-glue-pulp-1.4.6-39.el6sat.noarch
katello-cli-common-1.4.3-24.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-configure-1.4.7-5.el6sat.noarch
katello-glue-elasticsearch-1.4.6-39.el6sat.noarch
katello-configure-foreman-1.4.7-5.el6sat.noarch
katello-foreman-all-1.4.6-39.el6sat.noarch
pulp-katello-plugins-0.2-1.el6sat.noarch
ruby193-rubygem-foreman-katello-engine-0.0.17-6.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.11-3.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch
katello-common-1.4.6-39.el6sat.noarch
katello-cli-1.4.3-24.el6sat.noarch
katello-certs-tools-1.4.4-1.el6sat.noarch
katello-qpid-client-key-pair-1.0-1.noarch
Comment 8 Bryan Kearney 2014-04-24 13:09:57 EDT
This was verified and delivered with MDP2. Closing it out.
Comment 9 Bryan Kearney 2014-04-24 13:11:19 EDT
This was delivered and verified with MDP2. Closing the bug.

Note You need to log in before you can comment on or make changes to this bug.