
Prevent Cross Site Scripting issues

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: hwbot v4.6.12
    • Labels:
      None

      Description

      If we display input from the user on a page, we should be sure it does not contain JavaScript.

      E.g.:
      Searching for the following should not throw a popup.
      <SCRIPT>alert("XSS")</SCRIPT>
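
The output encoding this issue asks for, shown on a search-results echo, as an added example that is not HWBOT's code or the fix committed for this issue. The class and method names are hypothetical, and the sample inputs other than the test string above are constructed.

```java
// Added example, not HWBOT code: all names here are hypothetical.
public final class SearchResultsEncoding {

    /** Encode untrusted text for an HTML element body or a double-quoted attribute value. */
    static String escapeHtml(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Before: the search term is concatenated into the markup as-is. */
    static String renderUnsafe(String query) {
        return "<h2>Results for " + query + "</h2>";
    }

    /** After: the term is encoded at the point of output, in the heading and in the search box. */
    static String renderSafe(String query) {
        String q = escapeHtml(query);
        return "<h2>Results for " + q + "</h2>"
             + "<input type=\"text\" name=\"q\" value=\"" + q + "\">";
    }

    public static void main(String[] args) {
        // First entry is the test string from the issue description; the rest are constructed.
        String[] samples = { "<SCRIPT>alert(\"XSS\")</SCRIPT>", "3DMark \"Time Spy\"", "CPU & GPU" };
        for (String s : samples) {
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe:   " + renderSafe(s));
        }
    }
}
```

Encoding at output rather than stripping on input keeps legitimate searches containing `&`, `<` or quotes displayable, and the same helper covers both the element body and the quoted attribute.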

        Activity

        Frederik Colardyn added a comment -
        Fixed:
        - all comments
        - all notifications (user and team wall)
        - all search result page
        - submission comment
        - submission edit reason
        Build Server added a comment -
        Integrated in HWBOT v4 #2558 (See [http://dev.hwbot.org/job/HWBOT%20v4/2558/])
            HWBOT-812
        Prevent Cross Site Scripting issues

        frederik :
        Files :
        * /hwbot/trunk/src/main/webapp/WEB-INF/views/search/searchResults.jsp
        * /hwbot/trunk/src/main/webapp/WEB-INF/views/notification/notificationContent.jsp
        * /hwbot/trunk/src/main/java/org/hwbot/persistence/ApplicationFutureMark.java
        * /hwbot/trunk/src/main/webapp/WEB-INF/views/news/comments.jsp
        * /hwbot/trunk/src/main/webapp/WEB-INF/views/submit/submissionInfo.jsp
        * /hwbot/trunk/src/main/webapp/WEB-INF/views/submit/sidebar.jsp
        Frederik Colardyn added a comment -
        Fixed all known vulnerable boxes

          People

          • Assignee:
            Frederik Colardyn
            Reporter:
            Frederik Colardyn
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved: