Details

      Description

      Steps to reproduce:

      1. Create a Site with the name "<script>alert("test");</script>"
      2. Assert page is redirected to Site Settings for site
      3. Click "Go to other site" by site name in site administration menu
      4. Go to "My Sites" tab

      Expected result:

      JavaScript from site title does not execute and site name is apparent

      Actual result:

      JavaScript from site title executes and site name is not apparent

      Reproduced on:

      Tomcat 9.0.10 + MySQL 5.7.

      Portal Master GIT Commit: 781476802d5bd4435f4fbb49cf1f73b1e9b95398

        Attachments

          Activity

            People

            Assignee:
            brooke.dalton Brooke Dalton
            Reporter:
            brooke.dalton Brooke Dalton
            Participants of an Issue:
            Recent user:
            Tibor Lipusz
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              1 year, 31 weeks, 6 days ago

                Packages

                Version Package
                7.2.0 GA1
                7.2.10 DXP GA1