Project

General

Profile

Actions
Copy link

Bug #14271

closed

JS in directive name is executed on rule table if the directive is disabled

Added by François ARMAND almost 6 years ago. Updated over 5 years ago.

Status:
Released
Priority:
N/A
Assignee:
Nicolas CHARLES
Category:
Web - UI & UX
Target version:
4.1.20
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Priority:
22
Name check:
Fix check:
Regression:

Description

We still have a problem similar to #14221, but not a security one, in the explication of why a rule is disable is the js is in directive name.

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #14221: we can inject html & javascript in Rudder tablesReleasedFrançois ARMANDActions
Actions
Copy link
 #1

Updated by François ARMAND almost 6 years ago

  • Status changed from New to In progress
Actions
Copy link
 #2

Updated by François ARMAND almost 6 years ago

  • Related to Bug #14221: we can inject html & javascript in Rudder tables added
Actions
Copy link
 #3

Updated by François ARMAND almost 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder/pull/2131
Actions
Copy link
 #4

Updated by François ARMAND almost 6 years ago

  • Status changed from Pending technical review to Pending release
Actions
Copy link
 #5

Updated by François ARMAND over 5 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.1.20, 4.3.10 and 5.0.6 which were released today.

Actions
Copy link

Also available in: Atom PDF