Bug #19514

closed

JS in a node name is evaluated in the rule changes

Added by Nicolas CHARLES over 3 years ago. Updated over 1 year ago.

Status: Released
Priority: N/A
Assignee: -
Category: Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression:

Description

If a node is named

<script>alert("test");</script> 

and generated repair reports, on the rule page, clicking on the changes in the compliance section will cause one "alert("test")" per repair report.

If the repair just happened, it is in the list of changes in the table at the bottom when clicking on compliance, and is evaluated immediately.

It does not always happen (sometimes there are JS errors on the pages).


Related issues 1 (0 open, 1 closed)

Related to Rudder - Bug #19456: Lack of HTML escaping in nodes list (Released, Nicolas CHARLES)
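
The behaviour reported above, one script evaluation per repair report, is what results when report fields are concatenated into table markup without escaping. The following is an added example, not Rudder's code and not part of the original report: the function names and the report fields `hostname`, `component` and `message` are assumptions, and the sample reports are constructed.

```javascript
// Added example: not Rudder's code. Field names (hostname, component, message)
// and all function names are assumptions made for illustration.

// Escape the five characters that are significant in HTML text and attributes.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: report fields are concatenated into markup as-is, so a
// node name containing markup becomes part of the page structure.
function renderRowUnsafe(report) {
  return `<tr><td>${report.hostname}</td><td>${report.component}</td><td>${report.message}</td></tr>`;
}

// Hardened pattern: every node-supplied field is escaped at the point of output.
function renderRowSafe(report) {
  const cells = [report.hostname, report.component, report.message]
    .map((field) => `<td>${escapeHtml(field)}</td>`)
    .join("");
  return `<tr>${cells}</tr>`;
}

// One row per repair report, as in the changes table described in the bug.
function renderChangesTable(reports, renderRow) {
  return `<table><tbody>${reports.map((r) => renderRow(r)).join("")}</tbody></table>`;
}

// Constructed sample data: two repair reports from a node named as in the bug.
const sampleReports = [
  { hostname: '<script>alert("test");</script>', component: "ntp", message: "Service restarted" },
  { hostname: '<script>alert("test");</script>', component: "motd", message: "File was repaired" },
];

// Count the <script> opening tags present in a piece of generated markup.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

console.log("unsafe:", countScriptTags(renderChangesTable(sampleReports, renderRowUnsafe)));
console.log("safe:  ", countScriptTags(renderChangesTable(sampleReports, renderRowSafe)));
console.log(renderRowSafe(sampleReports[0]));
```

In browser code that builds DOM nodes directly, assigning the value to `textContent` achieves the same result without manual escaping.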