| 2011-03-23 01:32:33 |
Diogo Matsubara |
bug |
|
|
added bug |
| 2011-03-23 01:34:41 |
Diogo Matsubara |
description |
The field to name a new bug subscription filter doesn't escape html properly
Steps to reproduce:
1. Open https://launchpad.dev/firefox
2. Click the "+ Subscribe to bug mail" link
3. Enter </script><script>javascript:alert('XSS')</script><script> as the Subscription name.
4. Save the changes.
5. Open https://launchpad.dev/firefox/+subscriptions
What happens:
You get the XSS javascript alert
What should happen:
The html tags should've been properly escaped. |
The field to name a new bug subscription filter doesn't escape html properly
Steps to reproduce:
1. Open https://launchpad.dev/firefox
2. Click the "+ Subscribe to bug mail" link
3. Enter </script><script>javascript:alert('XSS')</script><script> as the Subscription name.
4. Save the changes.
5. Open https://launchpad.dev/firefox/+subscriptions
What happens:
You get the XSS javascript alert
What should happen:
The html tags should've been properly escaped.
This was tested on lp:~yellow/launchpad/accordionoverlay |
|
| 2011-03-23 01:38:06 |
Diogo Matsubara |
launchpad: assignee |
|
Launchpad Yellow Squad (yellow) |
|
| 2011-03-24 13:25:28 |
Данило Шеган |
launchpad: assignee |
Launchpad Yellow Squad (yellow) |
Данило Шеган (danilo) |
|
| 2011-03-24 13:25:33 |
Данило Шеган |
launchpad: status |
Triaged |
In Progress |
|
| 2011-03-25 12:59:11 |
Launchpad Janitor |
branch linked |
|
lp:~danilo/launchpad/bug-740640 |
|
| 2011-03-30 11:15:39 |
Launchpad QA Bot |
launchpad: milestone |
|
11.04 |
|
| 2011-03-30 11:15:40 |
Launchpad QA Bot |
tags |
exploratory-testing story-better-bug-notification |
exploratory-testing qa-needstesting story-better-bug-notification |
|
| 2011-03-30 11:15:42 |
Launchpad QA Bot |
launchpad: status |
In Progress |
Fix Committed |
|
| 2011-03-31 00:41:53 |
Robert Collins |
tags |
exploratory-testing qa-needstesting story-better-bug-notification |
exploratory-testing qa-untestable story-better-bug-notification |
|
| 2011-03-31 03:52:59 |
William Grant |
launchpad: status |
Fix Committed |
Fix Released |
|
| 2012-08-24 06:02:00 |
William Grant |
visibility |
private |
public |
|
| 2012-08-24 06:02:06 |
William Grant |
removed subscriber Launchpad Security |
|
|
|
