Project

General

Profile

Actions
Copy link

Bug #2622

closed

New Proxy dialog renders full HTML on error

Added by Lukas Zapletal over 11 years ago. Updated over 11 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Web Interface
Target version:
1.2.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

If you insert e.g. http://www.redhat.com:80 then the HTML is rendered. We should:

  • only show first few lines of the output
  • escape HTML entities there

I am testing more pages where we require an URL.

Low security impact.

Actions
Copy link
 #1

Updated by Dominic Cleal over 11 years ago

The other aspect of this is proxy responses are likely used verbatim in success/failure popups etc, I know HTTP response messages certainly appear there.

Actions
Copy link
 #2

Updated by Lukas Zapletal over 11 years ago

Right, created a task on backlog for this. There is much more :-(

Actions
Copy link
 #3

Updated by Dominic Cleal over 11 years ago

  • Status changed from Assigned to Ready For Testing
Actions
Copy link
 #4

Updated by Lukas Zapletal over 11 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Dominic Cleal over 11 years ago

  • Status changed from Closed to Assigned
  • % Done changed from 100 to 50

Sorry, accidentally pushed this. Please see my last comment in the PR and send a new PR for the additional change(s). Thanks!

Actions
Copy link
 #6

Updated by Lukas Zapletal over 11 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 50 to 100
Actions
Copy link

Also available in: Atom PDF