xss vulnerability in new bug subscription overlay
Bug #740640 reported by Diogo Matsubara
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Launchpad itself | Fix Released | Critical | Данило Шеган |
Bug Description
The field to name a new bug subscription filter doesn't escape HTML properly.
Steps to reproduce:
1. Open https:/
2. Click the "+ Subscribe to bug mail" link
3. Enter </script>
4. Save the changes.
5. Open https:/
What happens:
You get the XSS JavaScript alert.
What should happen:
The HTML tags should've been properly escaped.
This was tested on lp:~yellow/launchpad/accordionoverlay
Related branches
lp:~danilo/launchpad/bug-740640
- Henning Eggers (community): Approve (ui,code)
- Registry Administrators: Pending (ui) requested
- Diff: 395 lines (+267/-5), 5 files modified:
  - lib/lp/bugs/browser/tests/test_bugsubscriptionfilter.py (+8/-0)
  - lib/lp/bugs/model/bugsubscriptionfilter.py (+17/-1)
  - lib/lp/bugs/model/tests/test_bugsubscriptionfilter.py (+27/-0)
  - lib/lp/registry/javascript/structural-subscription.js (+119/-4)
  - lib/lp/registry/javascript/tests/test_structural_subscription.js (+96/-0)
description: updated

Changed in launchpad:
assignee: nobody → Launchpad Yellow Squad (yellow)

Changed in launchpad:
assignee: Launchpad Yellow Squad (yellow) → Данило Шеган (danilo)
status: Triaged → In Progress

Changed in launchpad:
status: Fix Committed → Fix Released
visibility: private → public
Fixed in stable r12691 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/12691>.
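
The class of bug reported here, shown as an added example that is not Launchpad's code and not the fix in the linked branch: a user-supplied filter name concatenated into overlay markup, next to a version that escapes it at output, with a regression check run over constructed names. The `filter.name` field, the `<li>` template and all function names are hypothetical.

```javascript
// Added example; function names and markup are hypothetical, not Launchpad code.
const HTML_ESCAPES = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'};

// Escape the characters that are significant in HTML text and quoted attributes.
// A single pass avoids double-escaping the '&' of entities it has just produced.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the user-supplied name is concatenated into markup.
function renderFilterUnsafe(filter) {
  return '<li class="filter" title="' + filter.name + '">' +
         '<strong>' + filter.name + '</strong></li>';
}

// Hardened pattern: the name is escaped at the point of output, once per use.
function renderFilterSafe(filter) {
  const name = escapeHtml(filter.name);
  return `<li class="filter" title="${name}"><strong>${name}</strong></li>`;
}

// Regression check: list every tag in the fragment that the template itself
// does not emit. An empty result means the name stayed inert text.
function unexpectedMarkup(html) {
  const expected = /^<(li class="filter" title="[^"<>]*"|\/li|strong|\/strong)>$/;
  return (html.match(/<[^>]*>/g) || []).filter((tag) => !expected.test(tag));
}

// Constructed sample names: one benign, two hostile, one merely awkward.
const SAMPLE_FILTERS = [
  {name: 'Security bugs only'},
  {name: '</script><script>alert(1)</script>'},
  {name: '" onmouseover="alert(1)'},
  {name: 'R&D <team>'},
];

// Count unexpected tags per sample for both renderers.
function auditSamples() {
  return SAMPLE_FILTERS.map((filter) => ({
    name: filter.name,
    unsafe: unexpectedMarkup(renderFilterUnsafe(filter)).length,
    safe: unexpectedMarkup(renderFilterSafe(filter)).length,
  }));
}

console.table(auditSamples());
```

The last sample shows that the unescaped renderer also corrupts harmless names containing `&` or `<`, so a test on such a name catches the regression without needing a script payload.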