Bug #17698
Bug #17641 (closed): Markdown descriptions in directives and groups are evaluated, resulting in JavaScript execution
Tooltips in interface tree evaluate scripts
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression:
Description
The trees on the Directives and Active Technique pages display tooltips containing the description of the Technique.
However, the tooltip renders the description as HTML rather than as text, so any JavaScript in it is executed as soon as a user hovers over a malicious Technique.
For instance, creating a Technique whose description is <script>alert("bob");</script> and hovering over that Technique on the Directives page or the Active Technique page shows the alert.
Escaping the content of the tooltip before it is inserted fixes the issue.
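The following is an added example, not Rudder's own tooltip code: it shows the vulnerable pattern (the description concatenated into the tooltip markup as HTML) next to the escaped form the report recommends, using the payload from the report plus a constructed event-handler payload. The function names, the wrapper markup and the sample descriptions are assumptions chosen for illustration.

```javascript
// Added example (not Rudder's code): why a tooltip that injects an untrusted
// Technique description as HTML executes scripts, and how escaping fixes it.

// Constructed samples. The first is the payload from the bug report; the
// second shows a payload that fires without any <script> tag at all.
const MALICIOUS_DESCRIPTION = '<script>alert("bob");</script>';
const HANDLER_DESCRIPTION = '<img src=x onerror="alert(1)">';
const BENIGN_DESCRIPTION = 'Install & configure <package> on "web" hosts';

// Vulnerable pattern: the description goes straight into the markup that the
// tooltip library hands to the DOM, so every tag in it becomes live HTML.
function buildTooltipUnsafe(description) {
  return '<div class="tooltip-inner">' + description + '</div>';
}

// Minimal HTML escaper for the five characters that can end a text node or
// an attribute value. '&' is escaped first so later entities are not
// double-escaped.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened pattern: the same wrapper, but the untrusted part is escaped, so
// the browser displays the description verbatim instead of parsing it.
function buildTooltipSafe(description) {
  return '<div class="tooltip-inner">' + escapeHtml(description) + '</div>';
}

// Audit helper: strip the trusted wrapper and report whether any tag from the
// description survived into the markup. Useful as a unit-test assertion for
// the fix.
function hasInjectedTags(html) {
  const inner = html
    .replace(/^<div class="tooltip-inner">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

console.log('unsafe:', buildTooltipUnsafe(MALICIOUS_DESCRIPTION));
console.log('safe:  ', buildTooltipSafe(MALICIOUS_DESCRIPTION));
console.log('benign:', buildTooltipSafe(BENIGN_DESCRIPTION));
```

Two practical notes. First, a fix that only strips or rejects <script> tags is not enough: markup such as the img/onerror sample above runs an event handler without any script element, and a bare script inserted via innerHTML does not even execute in modern browsers, whereas jQuery-style html() insertion does, so the exact behaviour depends on the tooltip library. Escaping the whole untrusted value removes the distinction. Second, if the tooltip library has an option to treat its content as HTML (many do), turning that option off for the description is the simplest fix when no formatting is needed; if formatted descriptions are required, run the rendered Markdown through an HTML sanitiser rather than an escaper.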