Bug #2622
New Proxy dialog renders full HTML on error
Description
If you insert e.g. http://www.redhat.com:80 then the HTML is rendered. We should:
- only show the first few lines of the output
- escape HTML entities there
I am testing more pages where we require a URL.
Low security impact.
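
The two remediation points in the description (show only the first few lines, and escape HTML entities) can be sketched as below. This is an added example, not the code from the referenced changesets; the method names, the message wording, the line and character limits, and the sample response body are all assumptions made for illustration.

```ruby
require 'erb'

MAX_LINES = 3    # assumed limit; the report only says "first few lines"
MAX_CHARS = 300  # assumed cap so a single very long line cannot fill the dialog

# Constructed sample: what a web server that is not a proxy might return.
CONSTRUCTED_BODY = "<html>\n<head><title>Red Hat</title></head>\n<body>\n" \
                   "<script>alert(1)</script>\n<h1>Welcome</h1>\n</body>\n</html>\n"

# Behaviour described in the report: the remote body is placed into the
# dialog markup unchanged, so the browser renders it as HTML.
def unsafe_error_html(url, body)
  "<div class=\"error\">Unable to communicate with #{url}: #{body}</div>"
end

# Hardened form: reduce the body to a short plain-text excerpt, then escape.
def safe_error_html(url, body)
  # Remote bytes may not be valid UTF-8; replace bad sequences before use.
  text = body.to_s.dup.force_encoding(Encoding::UTF_8).scrub('?')
  lines = text.lines.map(&:strip).reject(&:empty?)
  excerpt = lines.first(MAX_LINES).join("\n")
  truncated = lines.size > MAX_LINES || excerpt.length > MAX_CHARS
  # Truncate BEFORE escaping so an entity such as &lt; is never cut in half.
  excerpt = excerpt[0, MAX_CHARS]
  excerpt += ' ...' if truncated
  # The URL is user input shown in the same message, so it is escaped too.
  '<div class="error">Unable to communicate with ' \
    "#{ERB::Util.html_escape(url)}: " \
    "<pre>#{ERB::Util.html_escape(excerpt)}</pre></div>"
end

if $PROGRAM_NAME == __FILE__
  puts unsafe_error_html('http://www.redhat.com:80', CONSTRUCTED_BODY)
  puts safe_error_html('http://www.redhat.com:80', CONSTRUCTED_BODY)
end
```

The same helper applies to any other dialog or popup that echoes a remote response, which is the wider concern raised in the comments below.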
Associated revisions
fixes #2622 - error messages with HTML properly escaped
(cherry picked from commit c8d1c6d713cc412bc4ab30b74e60e2ff98d8b74a)
History
#1
Updated by Dominic Cleal about 9 years ago
The other aspect of this is that proxy responses are likely used verbatim in success/failure popups etc.; I know HTTP response messages certainly appear there.
#2
Updated by Lukas Zapletal about 9 years ago
Right, created a task on backlog for this. There is much more :-(
#3
Updated by Dominic Cleal about 9 years ago
- Status changed from Assigned to Ready For Testing
#4
Updated by Lukas Zapletal about 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset c8d1c6d713cc412bc4ab30b74e60e2ff98d8b74a.
#5
Updated by Dominic Cleal about 9 years ago
- Status changed from Closed to Assigned
- % Done changed from 100 to 50
Sorry, accidentally pushed this. Please see my last comment in the PR and send a new PR for the additional change(s). Thanks!
#6
Updated by Lukas Zapletal about 9 years ago
- Status changed from Assigned to Closed
- % Done changed from 50 to 100
Applied in changeset e80307751812093e70b9c0de7b566c04ef9a9712.
fixes #2622 - error messages with HTML properly escaped