Bug #35977
Host list interprets HTML from comment-field
Triaged:
Yes
Description
Host index page was found to interpret HTML-code written into a host's comment-field.
Since the Host-detail page shows the HTML-code as text, the index-page should do the same thing (also to avoid potential malicious values).
Associated revisions
History
#1
Updated by The Foreman Bot 2 months ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/9592 added
#2
Updated by The Foreman Bot 2 months ago
- Fixed in Releases 3.6.0 added
#3
Updated by Ewoud Kohl van Wijngaarden 2 months ago
- Target version set to 3.5.2
#4
Updated by Markus Bucher 2 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|b7f865dd5cd49020fa544fa488ea5567781879e9.
#5
Updated by The Foreman Bot 2 months ago
- Pull request https://github.com/theforeman/foreman/pull/9598 added
#6
Updated by The Foreman Bot 2 months ago
- Pull request https://github.com/theforeman/foreman/pull/9599 added
#7
Updated by The Foreman Bot 2 months ago
- Pull request https://github.com/theforeman/foreman/pull/9600 added
#8
Updated by The Foreman Bot 2 months ago
- Fixed in Releases 3.4.2 added
#9
Updated by The Foreman Bot 2 months ago
- Fixed in Releases 3.5.2 added
#10
Updated by Ewoud Kohl van Wijngaarden about 1 month ago
- Triaged changed from No to Yes
- Category set to Inventory
Fixes #35977 - html_escape host-comment in index
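
The behaviour described in this report and the `html_escape` named in the commit subject can be reproduced outside Rails with plain ERB. This is an added example, not Foreman's code: the templates, the sample hosts and the helper names `render_rows` and `interpreted_tags` are hypothetical and constructed for illustration.

```ruby
require 'erb'

# Constructed sample data: the second comment contains HTML markup and quotes.
HOSTS = [
  { name: 'web01.example.com', comment: 'rack 12, row B' },
  { name: 'db01.example.com',  comment: '<b>primary</b> "db" & <i>replica source</i>' }
].freeze

# Hypothetical index row that interpolates the comment unescaped. Plain ERB
# never escapes; in a Rails view the same result comes from raw/html_safe.
RAW_ROW = ERB.new(
  '<tr><td><%= host[:name] %></td>' \
  '<td title="<%= host[:comment] %>"><%= host[:comment] %></td></tr>'
)

# The same row with the comment passed through html_escape, in both the
# attribute context (title) and the element body.
SAFE_ROW = ERB.new(
  '<tr><td><%= host[:name] %></td>' \
  '<td title="<%= ERB::Util.html_escape(host[:comment]) %>">' \
  '<%= ERB::Util.html_escape(host[:comment]) %></td></tr>'
)

# Render one table row per host with the given template.
def render_rows(template, hosts)
  hosts.map { |host| template.result_with_hash(host: host) }
end

# Tag names in a rendered row other than the row's own tr/td markup.
# A non-empty result means the browser would interpret the comment as HTML.
def interpreted_tags(row)
  row.scan(%r{</?([a-z][a-z0-9]*)}i).flatten.map(&:downcase).uniq - %w[tr td]
end

if __FILE__ == $PROGRAM_NAME
  { 'raw' => RAW_ROW, 'escaped' => SAFE_ROW }.each do |label, template|
    render_rows(template, HOSTS).each do |row|
      puts "#{label}: #{interpreted_tags(row).inspect} #{row}"
    end
  end
end
```

`interpreted_tags` can serve as a regression check on rendered index rows: any tag name it returns came from user-supplied comment text rather than from the view.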