  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-37930

After the antisamy hook is deployed, I can not see the XSS popup message in blog portlet.

    Details

    • Type: Regression Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 6.1.20 EE GA2, 6.1.30 EE GA3, 6.1.X EE, 6.2.0 CE B1
    • Component/s: Security Vulnerability
    • Labels:
      None
    • Environment:

      Description

      Steps to reproduce:

      1. Deploy antisamy-hook portlet.
      2. Add blogs portlet, click add blog entry, fill the following into content, and click save:

          <p>
          This is an xss test</p>
          <script>alert("Variant 0. This is an xss test");</script>
          <p>
          Did it work?</p>

      Expected result:
      Assert that 'Variant 0. This is an xss test' displays in pop up.

      Actual result:
      No pop up message.

      Discovered with testing, step 7:
      https://github.com/liferay/liferay-qa-ee/tree/master/liferay-portal/6.1.x/rss/6.1 - LP - RSS - XSS.markdown

            People

            • Assignee: Samuel Kong (samuel.kong)
            • Reporter: Luyang Tan (luyang.tan) (Inactive)
            • Recent user: Esther Sanz

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                7 years, 4 weeks, 2 days ago

                Packages

                Version Package
                6.1.30 EE GA3
                6.1.X EE
                6.2.0 CE B1