Uploaded image for project: 'Continuum'
  1. Continuum
  2. CONTINUUM-530

HTML encode the build output

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 1.1-beta-1
    • Web interface
    • None

    Description

      Currently the output is included verbatim, which means that the browser will try to parse any XML that's in the build output. See the attached snapshot versus the actual output:

      – SNIP –
      <featureMember typeName="View of GAB Adresse">
      <Feature identifier="swrefVrecordVdatasetZaddressVcollectionZne_adresseVkeysZ158428" typeName="View of GAB Adresse">
      <property type="string" typeName="thc_world_name">Norge</property>
      <property type="integer" typeName="kadranr">158428</property>
      <property type="integer" typeName="kkomnr">219</property>
      <property type="string" typeName="kommunenavn">Bærum</property>
      <property type="string" typeName="kgatanvn">KYRRES VEI</property>
      <property type="integer" typeName="kadrnr">19</property>
      <property type="string" typeName="kadrunr">C</property>
      <property type="integer" typeName="kadruunr"/>
      <property type="string" typeName="kposnr">1369</property>
      <property type="string" typeName="postnavn">STABEKK</property>
      <geometricProperty typeName="posisjon">
      <Point ID="swrefVgeometryVdatasetZaddressVcollectionZne_adresseVfieldZposisjonVlocalZTrueVkeysZ536885020X662636086X690767" swldy:world="swrefVworldVdatasetZaddressVuniverseZ2VworldZ0">
      <coordinates>-409769860,-357023026 </coordinates>
      </Point>
      </geometricProperty>
      <geometricProperty typeName="annotation">
      <Annotation ID="swrefVgeometryVdatasetZaddressVcollectionZne_adresseVfieldZannotationVlocalZTrueVkeysZ536885020X662636069X690770" swldy:world="swrefVworldVdatasetZaddressVuniverseZ2VworldZ0">
      <coordinates>-409769860,-357022026 </coordinates>
      <string>19C</string>
      <orientation>0.000000</orientation>
      <justification>22</justification>
      <font_orientation/>
      <height>1.000000</height>
      </Annotation>
      </geometricProperty>
      <swldy:DisplayContextProperty typeName="display_context">
      <Feature typeName="display_context"/>
      </swldy:DisplayContextProperty>
      <swldy:associatedDocumentsProperty typeName="associatedDocuments">
      <Document/>
      – SNIP –

      Attachments

        1. continuum-snapshot.png
          36 kB
          Trygve Laugstol
        2. htmlEscape.patch
          2 kB
          Jorg Heymans

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. CONTINUUM-679 Insecure html in build output leads to bad html rendering - could be used for malicious cross-site scripting.

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONTINUUM-673 html is not escaped properly in build output

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONTINUUM-817 The generated output in the Working Copy page displays the wrong content

          • Major - Major loss of function.
          • Closed

          Activity

            People

              evenisse Emmanuel Venisse
              trygvis@inamo.no Trygve Laugstøl
              Votes:
              2 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: