InlineMultiCheckboxWidget renders unescaped JSON
Bug #741624 reported by William Grant
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Launchpad itself | Fix Released | Critical | Deryck Hodge | |
Bug Description
InlineMultiChec
Related branches
lp:~deryck/launchpad/inline-multicheckbox-xss-741624
- Benji York (community): Approve (code)
Diff: 12 lines (+1/-1), 1 file modified: lib/lp/app/templates/inline-multicheckbox-widget.pt (+1/-1)
Changed in launchpad:
- status: Triaged → In Progress
- assignee: nobody → Deryck Hodge (deryck)
- tags: added: qa-ok; removed: qa-needstesting

Changed in launchpad:
- status: Fix Committed → Fix Released
- visibility: private → public
I can't reproduce this. I've been playing on a +recipe page on the dev server, after I created a recipe for one of the sample data branches. I've created a new distro series with the name "Foo <script> alert(' gotcahs! ');</script> " and the widget escapes that name on the page. I also hacked the doc test for the widget and see escaped tags.
Am I looking at the wrong page, the wrong widget, or is there somewhere else that uses this widget? Or else, how can I reproduce this?
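The bug class behind this report is JSON being inlined into a page template without escaping the characters that can close the surrounding HTML context. The following is an added illustration, not Launchpad's code or the fix in the linked branch: it embeds a constructed series name (modelled on the one in the comment above) first with plain `json.dumps` and then with HTML-context escaping, and checks that only the escaped form keeps a `</script>` in the data from becoming a real tag. Function names are hypothetical.

```python
import json

# Constructed sample value, modelled on the probe name used in the comment
# above; it is not taken from Launchpad's sample data.
SERIES_NAME = "Foo <script> alert(' gotcahs! ');</script> "


def naive_json(items):
    """json.dumps alone keeps '<' and '>' verbatim, so when the result is
    pasted inside <script>...</script> the browser sees a closing tag."""
    return json.dumps(items)


def html_safe_json(items):
    """JSON that is safe to inline in a <script> block: every character that
    could terminate the script context is emitted as a JSON \\uXXXX escape.
    The result is still valid JSON and decodes to the original data."""
    out = json.dumps(items)          # ensure_ascii=True already handles U+2028/9
    return (out.replace("&", "\\u0026")
               .replace("<", "\\u003c")
               .replace(">", "\\u003e"))


def render_script_block(items, safe=True):
    """Mimic a template that drops the widget's JSON into an inline script."""
    encoder = html_safe_json if safe else naive_json
    return "<script>var items = %s;</script>" % encoder(items)


def contains_tag_breakout(rendered):
    """Detection check: a second '</script' means data escaped the context."""
    return rendered.lower().count("</script") > 1


def round_trips(items):
    """The escaped encoding must decode back to exactly the same data."""
    return json.loads(html_safe_json(items)) == items


if __name__ == "__main__":
    print(render_script_block([SERIES_NAME], safe=False))
    print(render_script_block([SERIES_NAME], safe=True))
```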