Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-29770

Popup if tool description saved on home with html content

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 10.0
    • Fix Version/s: 10.6
    • Component/s: Site Info, Web Content
    • Labels:
      None
    • 10 status:
      Resolved
    • Test Plan:
      Hide
      • Create a new site (either type)
      • Make sure home and site info (the defaults) are selected)
      • Go to that site
      • Click the edit (pencil in 11) icon in Site Information Display on Home
      • In the description enter
        <p>p text</p><script>XSS</script>
      • Click Update, you should get a popup warning and just the text between the <p> tags. Click the pencil again, the text should be gone. (In 10.x the text wasn't removed)
      • Click Update again, there should be no warning
      • Go into Site Info
      • Click "Edit Site Information"
      • Click Source
      • Paste the same text in the description
        <p>p text</p><script>XSS</script>
      • Click continue, you should get a popup
      • Click Home, you should get no warning, clicking the pencil should just show the <p> text.
      Show
      Create a new site (either type) Make sure home and site info (the defaults) are selected) Go to that site Click the edit (pencil in 11) icon in Site Information Display on Home In the description enter <p>p text</p><script>XSS</script> Click Update, you should get a popup warning and just the text between the <p> tags. Click the pencil again, the text should be gone. (In 10.x the text wasn't removed) Click Update again, there should be no warning Go into Site Info Click "Edit Site Information" Click Source Paste the same text in the description <p>p text</p><script>XSS</script> Click continue, you should get a popup Click Home, you should get no warning, clicking the pencil should just show the <p> text.

      Description

      The growl style notifications in 10 look like the broke the fix on SAK-24335. This is going to need to be updated so that the content is saved on input.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

              relates to

              Bug - A problem which impairs or prevents functionality of the product. SAK-25359 Modify portal to display a growl-style notification indicating the user-entered HTML has been changed

              • Major - Major loss of function or need for functionality in production in the near future.
              • CLOSED

              Bug - A problem which impairs or prevents functionality of the product. SAK-24335 Home (My Workspace Site Info) text processing inconsistent with site Info tool description

              • Major - Major loss of function or need for functionality in production in the near future.
              • Verified

                Activity

                  People

                  • Assignee:
                    jonespm Matthew Jones
                    Reporter:
                    jonespm Matthew Jones
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    4 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Git Integration