Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-79409

Blogs Entry content editor doesn't delete JavaScript when save

    Details

    • Type: Regression Bug
    • Status: Closed
    • Resolution: Won't Fix
    • Affects Version/s: Master
    • Fix Version/s: None
    • Component/s: Collaboration > Blogs
    • Labels:
    • Story Points:
      1
    • Fix Priority:
      3
    • Last Working Version:

      Description

      Script code in content is not removed when publish Blogs Entry. It is removed when edit Blogs Entry.

      Steps:

      1. Create new Blogs Entry
      2. Add JavaScript code to content (e.g. <script>alert("bug")</script>)
      3. Publish it
      4. Add the Blogs Entry to a page
      5. Edit the Blogs Entry

      Expected result: JS code is not saved when publish so it is not executed when add it to a page
      Actual result: JS code is not removed and it is executed when add it to a page. It is removed when edit it

      NOTE: JS code is not removed in Web Content at all.

      Reproducible:

      • Ubuntu 16.04, MySQL 5.7, Tomcat 8.0.32
      • 7.0.x Master git #69416ec, 7.0.x nightly Master 20180311,  - Chrome, FF

      Not reproducible:

      • 7.0.4 GA5 - Chrome, FF

      Fix priority: S3 + L3 = 3

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                1 year, 32 weeks ago

                Packages

                Version Package