Bug #25230: compute resource test connection is html incorrectly escaped - Foreman

Actions

Bug #25230

closed

compute resource test connection is html incorrectly escaped

Added by Ohad Levy about 6 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Web Interface

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/6154

Fixed in Releases:

Found in Releases:

Red Hat JIRA:

Description

see attachment

steps to reproduce

1. create / edit a compute resource
2. click on test connection
3. see incorrect toast message.

Files

cr-test.png

View cr-test.png

5.9 KB

Ohad Levy, 10/18/2018 12:42 PM

Related issues 2 (0 open — 2 closed)

Actions

#1

Updated by Ohad Levy about 6 years ago

Related to Bug #24807: CVE-2018-16861 - toast notification sends strings through as HTML added

Actions

#2

Updated by The Foreman Bot about 6 years ago

Status changed from New to Ready For Testing
Assignee set to Tomer Brisker
Pull request https://github.com/theforeman/foreman/pull/6154 added

Actions

#3

Updated by Tomer Brisker about 6 years ago

Category changed from Compute resources to Web Interface
Triaged changed from No to Yes

The same issue is also present for email and auth source test connection buttons.

Actions

#4

Updated by Ohad Levy about 6 years ago

Target version set to 1.20.0

I would suggest cherrypicking to 1.20?

Actions

#5

Updated by Tomer Brisker about 6 years ago

Status changed from Ready For Testing to Closed

Applied in changeset b96e66b42088af7d4078f5ee4825f38596513fcc.

Actions

#6

Updated by Tomer Brisker about 6 years ago

Fixed in Releases 1.20.0 added

cherry-picked.

Actions

#7

Updated by Tomer Brisker about 6 years ago

Has duplicate Bug #25456: Test connection on compute resource shows notification with html tags added

Actions

Also available in: Atom PDF