Project

General

Profile

Bug #2622

New Proxy dialog renders full HTML on error

Added by Lukas Zapletal about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Lukas Zapletal
Category:
Web Interface
Target version:
1.2.0
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

If you insert e.g. http://www.redhat.com:80 then the HTML is rendered. We should:

  • only show first few lines of the output
  • escape HTML entities there

I am testing more pages where we require an URL.

Low security impact.

Associated revisions

Revision c8d1c6d7 (diff)
Added by Lukas Zapletal about 6 years ago

fixes #2622 - error messages with HTML properly escaped

Revision e8030775 (diff)
Added by Lukas Zapletal about 6 years ago

fixes #2622 - error messages with HTML properly escaped
(cherry picked from commit c8d1c6d713cc412bc4ab30b74e60e2ff98d8b74a)

History

#1 Updated by Dominic Cleal about 6 years ago

The other aspect of this is proxy responses are likely used verbatim in success/failure popups etc, I know HTTP response messages certainly appear there.

#2 Updated by Lukas Zapletal about 6 years ago

Right, created a task on backlog for this. There is much more :-(

#3 Updated by Dominic Cleal about 6 years ago

  • Status changed from Assigned to Ready For Testing

#4 Updated by Lukas Zapletal about 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Dominic Cleal about 6 years ago

  • Status changed from Closed to Assigned
  • % Done changed from 100 to 50

Sorry, accidentally pushed this. Please see my last comment in the PR and send a new PR for the additional change(s). Thanks!

#6 Updated by Lukas Zapletal about 6 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 50 to 100

Also available in: Atom PDF