Description of problem: Version-Release number of selected component (if applicable): 1.4.2-1.git.961.e5d1bd2.el6 How reproducible: Steps to Reproduce: 1. Create org called "<a href='foo'>Click here</a>" 2. 3. Actual results: org created, notification displayed with "Click here" link that actually points at 'foo'. Expected results: Validation fail Additional info:
Note, the Expected Result should be Notification displayed with org name escaped
https://github.com/Katello/katello/pull/2680
SNAP0 contains these bug fixes. Moving to ON_QA.
Created attachment 785685 [details] Org Created not rendered as HTML tags VERIFIED : # rpm -qa | grep katello katello-selinux-1.4.4-2.el6sat.noarch katello-candlepin-cert-key-pair-1.0-1.noarch katello-certs-tools-1.4.2-2.el6sat.noarch katello-cli-common-1.4.3-5.el6sat.noarch katello-cli-1.4.3-5.el6sat.noarch katello-common-1.4.3-6.el6sam_splice.noarch katello-configure-1.4.4-2.el6sat.noarch katello-glue-elasticsearch-1.4.3-6.el6sam_splice.noarch katello-headpin-all-1.4.3-6.el6sam_splice.noarch katello-glue-candlepin-1.4.3-6.el6sam_splice.noarch signo-katello-0.0.10-2.el6sat.noarch katello-headpin-1.4.3-6.el6sam_splice.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHEA-2013-1390.html