History | Log In     View a printable version of the current page. Get help!  
   HOME       BROWSE PROJECT       FIND ISSUES       CREATE NEW ISSUE   
    QUICK SEARCH:  
Issue Details [XML]

Key: CHD-1774
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Assignee: Unassigned
Reporter: Scott J. Williamson
Votes: 0
Watchers: 0
Operations

Clone this issue
If you were logged in you would be able to see more operations.
Cerberus Helpdesk

Input validation not done

Created: 05/Mar/10 12:48 PM   Updated: 16/Apr/10 02:59 PM
Fix Version/s: 5.0 RC1

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown
Environment: Cerb4 4.2 thru 4.3.1

Value: 3 - Would Be Nice
Marquee: Platform


 Description   
Entering html code into a workspace name field on creation is not seen as an error. This code is taken and returned as the workspace name. Seems to be escaped in that instance.

If the entered html tag is not closed or valid, one is unable to edit the workspace name as the output to the edit dialogue is not escaped.

Please escape all html code in display at least, or better validate all input and reject any html.


 All   Comments   Work Log   Change History      Sort Order:
Comment by Jeff Standen [WGM] [16/Apr/10 02:59 PM]
[ Permlink ]
Fixed!



Powered by Atlassian JIRA™ (Standard Edition, Version: 3.3.1-#97) - Bug/feature request
Contact Administrators