Details

      Description

      Steps to reproduce:

      1. Create a Site with the name "<script>alert("test");</script>"
      2. Assert page is redirected to Site Settings for site
      3. Click "Go to other site" by site name in site administration menu
      4. Go to "My Sites" tab

      Expected result:

      JavaScript from site title does not execute and site name is apparent

      Actual result:

      JavaScript from site title executes and site name is not apparent

      Reproduced on:

      Tomcat 9.0.10 + MySQL 5.7.

      Portal Master GIT Commit: 781476802d5bd4435f4fbb49cf1f73b1e9b95398

        Attachments

          Activity

            People

            • Assignee:
              brooke.dalton Brooke Dalton
              Reporter:
              brooke.dalton Brooke Dalton
              Participants of an Issue:
              Recent user:
              Samuel Kong
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                31 weeks, 6 days ago

                Packages

                Version Package
                Master