Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-37930

After the antisamy hook is deployed, I can not see the XSS popup message in blog portlet.

    XMLWordPrintable

    Details

    • Type: Regression Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: 6.1.20 EE GA2, 6.1.30 EE GA3, 6.1.X EE, 6.2.0 CE B1
    • Fix Version/s: 6.1.30 EE GA3, 6.1.X EE, 6.2.0 CE B1
    • Component/s: Security Vulnerability
    • Labels:
      None
    • Environment:

      Description

      Step to reproduce:

      1. Deploy antisamy-hook portlet.
      2. Add blogs portlet, click add blog entry, fill
      <p>
      This is an xss test</p>
      <script>alert("Variant 0. This is an xss test");</script>
      <p>
      Did it work?</p> to content, click save.

      Expected result:
      Assert that 'Variant 0. This is an xss test' displays in pop up.

      Actual result:
      No pop up message.

      Discovered with testing, step 7:
      https://github.com/liferay/liferay-qa-ee/tree/master/liferay-portal/6.1.x/rss/6.1 - LP - RSS - XSS.markdown

        Attachments

          Activity

            People

            Assignee:
            samuel.kong Samuel Kong
            Reporter:
            luyang.tan Luyang Tan (Inactive)
            Participants of an Issue:
            Recent user:
            Esther Sanz
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              7 years, 33 weeks, 4 days ago

                Packages

                Version Package
                6.1.30 EE GA3
                6.1.X EE
                6.2.0 CE B1