xss vulnerability in new bug subscription overlay
Bug #740640 reported by
Diogo Matsubara
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
Fix Released
|
Critical
|
Данило Шеган | ||
Bug Description
The field to name a new bug subscription filter doesn't escape html properly
Steps to reproduce:
1. Open https:/
2. Click the "+ Subscribe to bug mail" link
3. Enter </script>
4. Save the changes.
5. Open https:/
What happens:
You get the XSS javascript alert
What should happen:
The html tags should've been properly escaped.
This was tested on lp:~yellow/launchpad/accordionoverlay
Related branches
lp:~danilo/launchpad/bug-740640
- Henning Eggers (community): Approve (ui,code)
- Registry Administrators: Pending (ui) requested
-
Diff: 395 lines (+267/-5)5 files modifiedlib/lp/bugs/browser/tests/test_bugsubscriptionfilter.py (+8/-0)
lib/lp/bugs/model/bugsubscriptionfilter.py (+17/-1)
lib/lp/bugs/model/tests/test_bugsubscriptionfilter.py (+27/-0)
lib/lp/registry/javascript/structural-subscription.js (+119/-4)
lib/lp/registry/javascript/tests/test_structural_subscription.js (+96/-0)
| description: | updated |
| Changed in launchpad: | |
| assignee: | nobody → Launchpad Yellow Squad (yellow) |
| Changed in launchpad: | |
| assignee: | Launchpad Yellow Squad (yellow) → Данило Шеган (danilo) |
| status: | Triaged → In Progress |
Revision history for this message
| Launchpad QA Bot (lpqabot) wrote | #1 |
| Changed in launchpad: | |
| milestone: | none → 11.04 |
| tags: | added: qa-needstesting |
| Changed in launchpad: | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Robert Collins (lifeless) wrote | #2 |
| tags: |
added: qa-untestable removed: qa-needstesting |
| Changed in launchpad: | |
| status: | Fix Committed → Fix Released |
| visibility: | private → public |
To post a comment you must log in.
Fixed in stable r12691 <http://