XML entities are not escaped during note save - /notes/ oopses
Bug #527374 reported by Roman Yepishev
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu One Servers | Fix Released | Critical | Rodrigo Moya |
Bug Description
STR:
1. Create a note with any title
2. Put an unescaped & or <tag> into the note.
3. Save the note.
4. Everything looks fine.
5. Now go to /notes/ url
Actual result:
OOPS:
* xmlParseEntityRef: no name.
* Opening and ending tag mismatch.
Expected result:
Everything works.
Reason:
&, <, and > are not escaped when saved to server couchdb. Upon reading the notes server parses the stored value and raises an exception.
Unfortunately I can't open any notes the error page is before
visibility: private → public
Changed in ubuntuone-servers:
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Ubuntu One Desktop+ team (ubuntuone-desktop+)
tags: added: desktop+ notes webui
Changed in ubuntuone-servers:
assignee: Ubuntu One Desktop+ team (ubuntuone-desktop+) → Rodrigo Moya (rodrigo-moya)
Changed in ubuntuone-servers:
status: Confirmed → In Progress
Changed in ubuntuone-servers:
status: In Progress → Fix Committed
description: updated
Please note that the notes are _already_ stored in the broken format on u1 so the code will need to restore the entities properly on note sync / and web ui editing.
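
The failure in the "Reason" paragraph and the legacy-data problem raised in the last comment, as an added Python example that is not Ubuntu One code: escape on save, and repair values that were already stored unescaped. The `<note-content>` wrapper and all function names are assumptions; the page does not show the real note schema.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Assumed wrapper element; the real note schema is not shown in the report.
WRAPPER = "<note-content>{}</note-content>"

# An '&' that does not start a well-formed entity or character reference.
BARE_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9A-Fa-f]+);)")


def to_stored(user_text):
    """Save path: escape &, < and > before the text is embedded in XML."""
    return WRAPPER.format(escape(user_text))


def parses(stored):
    """Return True if the stored value is well-formed XML."""
    try:
        ET.fromstring(stored)
        return True
    except ET.ParseError:
        return False


def repair_legacy(stored):
    """Read path for values saved before the fix (assumes WRAPPER framing).

    Bare ampersands are repaired first, which keeps any real markup intact.
    If the value still does not parse, a user-typed '<tag>' cannot be told
    apart from markup, so every < and > in the body is escaped instead
    (formatting inside that note is lost, but the note opens again).
    """
    fixed = BARE_AMP.sub("&amp;", stored)
    if parses(fixed):
        return fixed
    prefix, suffix = WRAPPER.split("{}")
    inner = fixed[len(prefix):-len(suffix)]
    return WRAPPER.format(inner.replace("<", "&lt;").replace(">", "&gt;"))
```

Running `repair_legacy` lazily when a note is read or synced avoids a bulk rewrite of the store, and `parses` can serve as the guard that keeps one bad note from failing the whole /notes/ listing.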