Project

General

Profile

Bug #35977

Host list interpretes HTML from comment-field

Added by Markus Bucher 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Inventory
Target version:
3.5.2
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/9598, https://github.com/theforeman/foreman/pull/9592, https://github.com/theforeman/foreman/pull/9600, https://github.com/theforeman/foreman/pull/9599
Fixed in Releases:
3.4.2, 3.5.2, 3.6.0
Found in Releases:
Red Hat JIRA:

Description

Host index page was found to interpret HTML-code written into a host's comment-field.

Since the Host-detail page shows the HTML-code as text, the index-page should do the same thing (also to avoid potential malicous values).

Associated revisions

Revision b7f865dd (diff)
Added by Markus Bucher 2 months ago

Fixes #35977 - html_escape host-comment in index

History

#1 Updated by The Foreman Bot 2 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/9592 added

#2 Updated by The Foreman Bot 2 months ago

  • Fixed in Releases 3.6.0 added

#3 Updated by Ewoud Kohl van Wijngaarden 2 months ago

  • Target version set to 3.5.2

#4 Updated by Markus Bucher 2 months ago

  • Status changed from Ready For Testing to Closed

#5 Updated by The Foreman Bot 2 months ago

  • Pull request https://github.com/theforeman/foreman/pull/9598 added

#6 Updated by The Foreman Bot 2 months ago

  • Pull request https://github.com/theforeman/foreman/pull/9599 added

#7 Updated by The Foreman Bot 2 months ago

  • Pull request https://github.com/theforeman/foreman/pull/9600 added

#8 Updated by The Foreman Bot 2 months ago

  • Fixed in Releases 3.4.2 added

#9 Updated by The Foreman Bot 2 months ago

  • Fixed in Releases 3.5.2 added

#10 Updated by Ewoud Kohl van Wijngaarden about 1 month ago

  • Triaged changed from No to Yes
  • Category set to Inventory

Also available in: Atom PDF