Bug #6858

closed

HTML tags should be escaped when we update any parameter value under settings tab

Added by Dominic Cleal almost 10 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Settings
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1125181
Description of problem:
I was trying to update a parameter defined under the settings tab and I was able to update it with HTML tags, and those tags should be escaped properly.

For example, I updated the 'administrator' parm value with: <a href="foo_bar">foo</a>

And the UI shows me a link to 'foo'. Please see the screenshot.

Please note that the UI doesn't escape the HTML tags immediately after updating the value. But once you navigate away from the settings page to another and get back, then it will be escaped.

Version-Release number of selected component (if applicable):
sat6 GA snap1

How reproducible:
always

Steps to Reproduce:
1. pick any parameter which opens a text box to update its value
2. edit the value with HTML tags like: <a href="foo_bar">foo</a>
3. save it

Actual results:
The UI doesn't escape the HTML tags immediately after updating the value. But once you navigate away from the settings page to another and get back, then it will be escaped.

Expected results:
HTML tags should be escaped as soon as you save the parameter value

Additional info:
similar issue with other parameter "email_reply_address"
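
The mismatch this report describes, sketched as an added example that is not part of the original report or of the project's code. It assumes the value shown right after an inline save is produced by a different render path from the one used on a full page load; all function names are hypothetical, and the sample input is constructed from the value in the report.

```javascript
// Added example; every name here is hypothetical, not taken from the project.

// Escape the five characters that are significant in HTML text and attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Path 1: full page load. The value is escaped when the settings table is built.
function renderOnPageLoad(setting) {
  return `<td class="setting-value">${escapeHtml(setting.value)}</td>`;
}

// Path 2 (as reported): markup written back right after a save, with no escaping.
function renderAfterSaveUnescaped(setting) {
  return `<td class="setting-value">${setting.value}</td>`;
}

// Path 2 (corrected): the post-save path applies the same escaping as the page load.
function renderAfterSave(setting) {
  return `<td class="setting-value">${escapeHtml(setting.value)}</td>`;
}

// Regression check: for every sample, the post-save markup must equal the
// page-load markup. Returns the names of settings where the two paths diverge.
function divergingSettings(samples, afterSave) {
  return samples
    .filter((s) => renderOnPageLoad(s) !== afterSave(s))
    .map((s) => s.name);
}

// Constructed sample input: the value from the report plus two plain values.
const samples = [
  { name: 'administrator', value: '<a href="foo_bar">foo</a>' },
  { name: 'email_reply_address', value: 'Ops & Admin <noreply@example.test>' },
  { name: 'plain_setting', value: 'no markup here' },
];

console.log('unescaped path diverges for:', divergingSettings(samples, renderAfterSaveUnescaped));
console.log('corrected path diverges for:', divergingSettings(samples, renderAfterSave));
console.log(renderAfterSave(samples[0]));
```

A check of this shape belongs next to whatever code handles the save response, so that the post-save output is compared against the page-load output for values containing markup characters.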
