Bug #24834
closed
Fact names and values are not displayed properly
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1625611
Description of problem:
If you upload Host Facts that contain characters like <>"&
- curl -u admin:changeme -k https://localhost/api/v2/hosts/facts -d '{"name": "facthost", "facts": {"name; <>\"&": "value; <>\"&", "operatingsystem": "RedHat", "operatingsystemrelease": "6.12"}}' -H 'Content-Type: application/json'
They are not displayed properly in the UI
1. Monitor > Facts (/fact_values)
fact name is double escaped in the table
facthost name <>"& value <>"&
2. Monitor > Facts (/fact_values)
links in the Name and Value columns point to invalid searches
3. Monitor > Facts > View Chart
fact names and values are double escaped in the charts
4. Monitor > Trends
values are escaped twice in graphs in Trends
Version-Release number of selected component (if applicable):
Satellite 6.4 snap 20
satellite-6.4.0-13.el7sat.noarch
katello-3.7.0-5.el7sat.noarch
foreman-1.18.0.18-1.el7sat.noarch
Additional info:
bz 1509442 comment 5
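The double escaping described in this report, reproduced as an added Ruby example (not Foreman's code) using the fact name from the curl payload above. The helper names, the use of ERB::Util as the escaper, and the `name = ...` search syntax are assumptions made for illustration.

```ruby
require "erb"
require "uri"

# Fact name from the report's curl payload, after JSON decoding.
RAW_FACT = 'name; <>"&'

ENTITIES = { "&lt;" => "<", "&gt;" => ">", "&quot;" => '"',
             "&#39;" => "'", "&amp;" => "&" }.freeze

# Correct: escape exactly once, where the raw value enters HTML.
def render_once(raw)
  ERB::Util.html_escape(raw)
end

# The reported symptom: an already-escaped string is escaped again.
def render_twice(raw)
  ERB::Util.html_escape(ERB::Util.html_escape(raw))
end

# What the user reads: a browser decodes one level of entities.
def browser_text(html)
  html.gsub(/&(?:lt|gt|quot|#39|amp);/, ENTITIES)
end

# Test heuristic: an entity whose ampersand was itself escaped.
# A raw value containing literal "&lt;" text also matches, so use it
# on fixtures whose raw form is known.
def double_escaped?(html)
  html.match?(/&amp;(?:lt|gt|quot|#39|amp);/)
end

# Search link built from a value: URL-encode for the query string,
# then HTML-escape the whole href once.
# The "name = ..." query syntax is an assumption for illustration.
def search_href(value)
  query = URI.encode_www_form_component("name = #{value}")
  ERB::Util.html_escape("/fact_values?search=#{query}")
end

# What the server receives back when such a link is followed.
def search_term(href)
  query = browser_text(href).split("search=", 2).last
  URI.decode_www_form_component(query).delete_prefix("name = ")
end

if __FILE__ == $PROGRAM_NAME
  puts browser_text(render_twice(RAW_FACT))
  puts search_term(search_href(render_once(RAW_FACT))) == RAW_FACT
end
```

A regression test for this class of bug can feed a fixture such as `RAW_FACT` through each view and assert that the rendered HTML is not `double_escaped?` and that every generated search link round-trips to the stored raw value.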
Updated by Marek Hulán about 6 years ago
- Related to Bug #21519: CVE-2017-15100: Stored XSS in fact name or value added
Updated by The Foreman Bot about 6 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/6136 added
Updated by Ohad Levy almost 6 years ago
- Subject changed from Fact names and values are not displayed properly to Fact names and values are not displayed properly
- Target version set to 1.22.0
- Fixed in Releases 1.22.0 added
Updated by Anonymous almost 6 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset e806152be65fe32031a210e38db6fb8e1f04ce66.
Updated by Tomer Brisker over 5 years ago
- Related to Refactor #25952: Unused function escaped_warning_chart_context added
Updated by Marek Hulán over 5 years ago
- Related to Bug #27382: Facts are double escaped in facts charts legend added