  1. Grouper
  2. GRP-1222

xss vulnerability in tooltips in new UI


Details

    • Bug
    • Resolution: Unresolved
    • Minor
    • 2.2.2.patch, 2.2.3, 2.3.0
    • 2.2.0, 2.2.1, 2.2.2
    • UI
    • None

    Description

      Data in tooltips in the new UI is escaped for HTML once, but it needs to be escaped twice. You need to change the templates that display Grouper objects so that they escape twice, like the commit in this Jira. You can either edit the grouper.text.en.us.base.properties file directly (per the commit), or install the patch (if you are on 2.2.2). If you are on 2.2.1, you can upgrade to 2.2.2 to get the patch.
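
      Why one level of escaping is not enough, as an added example that is not Grouper code or part of the commit. It assumes the tooltip text is written into an HTML attribute and then inserted by the tooltip widget as HTML, so it is parsed twice; that flow, the function names and the sample value are assumptions for illustration.

```javascript
// Added illustration; names are hypothetical, not Grouper code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const ENTITIES = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };

// HTML-escape once, in a single pass so '&' is never escaped twice by accident.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// What one HTML parse does to character references: exactly one level of decoding.
function decodeEntitiesOnce(s) {
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => ENTITIES[name]);
}

// Assumed tooltip flow: the template writes the value into an attribute,
// the parser decodes it, and the widget hands the decoded string to the
// browser as HTML. This returns that string.
function tooltipHtml(templateOutput) {
  return decodeEntitiesOnce(templateOutput);
}

// True if the second parse would see a tag instead of plain text.
function containsLiveMarkup(html) {
  return /<[a-z!\/?]/i.test(html);
}

// Text the user finally reads when no markup is live (second parse decodes again).
function visibleText(html) {
  return decodeEntitiesOnce(html);
}

// Constructed sample value standing in for a group display name.
const SAMPLE_NAME = 'Staff <b>admins</b> & "friends"';

function report(label, templateOutput) {
  const html = tooltipHtml(templateOutput);
  return { label, html, live: containsLiveMarkup(html) };
}

const escapedOnce = report('escaped once', escapeHtml(SAMPLE_NAME));
const escapedTwice = report('escaped twice', escapeHtml(escapeHtml(SAMPLE_NAME)));

console.log(escapedOnce);
console.log(escapedTwice);
```

      With a single escape the widget receives the raw name back and its tags are parsed; with a double escape it receives the once-escaped form, which the second parse renders as the literal text.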

          People

            chris.hyzer@at.internet2.edu Chris Hyzer (upenn.edu)