  1. Sakai
  2. SAK-17862

Creating user anonymously using certain characters produces unexpected results.

    Details

    • Type: Bug
    • Status: RESOLVED
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.7.0
    • Fix Version/s: 2.7.3 [tentative]
    • Component/s: Account
    • Labels:
      None
    • Environment:
      qa1-nl
    • CLE Team Issue:
      Yes

      Description

      On creating a user anonymously with the name <script>alert('xss');</script>.
      On logging in and clicking on a tool you get a site Unavailable and cannot return to the workspace. The URL given is:
      http://qa1-nl.sakaiproject.org/portal/site/~%3Cscript%3Ealert%28%27xss%27%29%5E%5Ex3B%5E%3C/script%3E

      Either the user should not be created or the login should work. This may indicate an issue with either the input filter.
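
The report's two acceptable outcomes, sketched as an added example (not part of the original report and not Sakai's code): reject the name at account creation with an allow-list, or percent-encode it as a single path segment so the workspace URL decodes back to the same id. The allow-list pattern, the host `sakai.example` and all function names are assumptions.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Name from the report above.
REPORTED_NAME = "<script>alert('xss');</script>"
BASE = "http://sakai.example"  # constructed host, not a real server

# Assumed allow-list policy (not Sakai's actual rule): 1-64 characters drawn
# from letters, digits and . _ @ - so the id needs no escaping in HTML or a URL path.
USER_ID_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def validate_user_id(user_id: str) -> bool:
    # fullmatch, not match: a trailing newline or partial match must not pass.
    return USER_ID_RE.fullmatch(user_id) is not None


def workspace_url(base: str, user_id: str) -> str:
    # safe="" also encodes "/", so the id can never add or split path segments.
    return f"{base}/portal/site/~{quote(user_id, safe='')}"


def user_id_from_url(url: str) -> str:
    # Split on the still-encoded path first, decode the last segment afterwards.
    segment = urlsplit(url).path.rsplit("/", 1)[-1]
    if not segment.startswith("~"):
        raise ValueError("not a user workspace URL")
    return unquote(segment[1:])


def create_user(user_id: str, base: str = BASE) -> str:
    """Option 1 from the report: refuse the account instead of creating it."""
    if not validate_user_id(user_id):
        raise ValueError("user id contains characters outside the allowed set")
    return workspace_url(base, user_id)


if __name__ == "__main__":
    # Option 2: if such ids are accepted, encode and decode must round-trip.
    url = workspace_url(BASE, REPORTED_NAME)
    print(url, user_id_from_url(url) == REPORTED_NAME)
    try:
        create_user(REPORTED_NAME)
    except ValueError as exc:
        print("rejected:", exc)
```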

                  People

                  Assignee:
                  Unassigned
                  Reporter:
                  a.m.berg@uva.nl Alan Berg
                  Votes:
                  0
                  Watchers:
                  1