Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-73623

Subject-body turned out to be blank when create a mb post through add-message API

    XMLWordPrintable

Details

    • 4

    Description

      Steps to reproduce:

      1. Make sure Antisamy is deployed (it's by default in 7.0)
      2. Make sure message.boards.message.formats.default=bbcode
      3. Add Message Boards portlet
      4. Create a new thread and retrieve its message ID (e.g. 30983 from http://localhost:8080/web/guest/home/-/message_boards/message/30983)
      5. Access add-message API
        http://localhost:8080/api/jsonws?contextName=&signature=%2Fmbmessage%2Fadd-message-9-parentMessageId-subject-body-format-inputStreamOVPs-anonymous-priority-allowPingbacks-serviceContext
      6. Fill in messageId, subject and body 
        parentMessageId - 30983
Subject - <script>alert(1)</script>
Body - <script>alert(1)</script>
Format - text/plain
inputStreamOVPs - []
Priority - 0
      7. Invoke
      8. View the new message.

      Expected result: The body should contain values "<script>alert(1)</script>".
      Actual result: The body is blank.

      Attachments

        Issue Links

          Discovered while testing

          Bug - A problem which impairs or prevents the functions of the product. LPS-70492 Cannot create a new message board post through add-message API

          • Closed

          Activity

            People

              joyce.wang Joyce Wang
              joyce.wang Joyce Wang
              Kiyoshi Lee Kiyoshi Lee
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                5 years, 41 weeks ago

                Packages

                  Version Package