Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-21139

An "Open Script Tag" <script> in the title of a "Blogs Entry" throws Exceptions when viewed

    Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      1. Add the Blogs Portlet.
      2. Add the Blogs Aggregator Portlet to another page.
      3. Add a Blogs Entry with the title "<script>alert(hello)"

        For 6.1.x:

      • Viewing the Blogs Portlet will throw the attached exception.
      • The Blogs Aggregator Portlet will be displayed like the attached screenshot.
      • Viewing the Blogs Aggregator Portlet will throw the attached exception.

        For 6.0.x:

      • Viewing the Blogs Portlet will NOT throw the attached exception.
      • The Blogs Aggregator Portlet will be displayed like the attached screenshot.
      • Viewing the Blogs Aggregator Portlet will throw the attached exception.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years, 35 weeks, 6 days ago