[dev.icinga.com #602] html tags are not escaped when presented in status information #299

Closed
icinga-migration opened this Issue Jul 8, 2010 · 6 comments

Projects

None yet

1 participant

@icinga-migration
Member

This issue has been migrated from Redmine: https://dev.icinga.com/issues/602

Created by mfriedrich on 2010-07-08 16:49:52 +00:00

Assignee: Meier
Status: Closed (closed on 2010-08-12 18:43:00 +00:00)
Target Version: (none)
Last Update: 2014-12-08 09:50:25 +00:00 (in Redmine)

Icinga Version: 1.10.0
OS Version: any

http://tracker.nagios.org/view.php?id=74

 Summary    0000074: html tags are not escaped when presented in status information
Description     Html tags are not escaped when presented in status information which causes that status information page can be easily "broken" by feeding with weird html tags.

Attached screenshot shows the problem. 

Attachments

Member

Updated by mfriedrich on 2010-07-08 16:50:19 +00:00

  • File added htmlbug.png
Member

Updated by Meier on 2010-07-24 11:45:08 +00:00

  • Status changed from New to Feedback

Asked for more info on the upstream tracker

Member

Updated by mfriedrich on 2010-07-30 12:19:10 +00:00

  • Project changed from Core, Classic UI, IDOUtils to 19
  • Category deleted Classic UI
Member

Updated by mfriedrich on 2010-08-06 17:42:11 +00:00

  • Assigned to set to Meier
  • Priority changed from Normal to Low

please look at it, and if this is not really important, close it.

Member

Updated by Meier on 2010-08-12 18:43:00 +00:00

  • Status changed from Feedback to Closed

There is still no feedback from the original author.
Of course plugin output with HTML tags can break everything that is exactly the reason why it can be disabled.

Member

Updated by mfriedrich on 2014-12-08 09:50:26 +00:00

  • Project changed from 19 to Core, Classic UI, IDOUtils
  • Category set to Classic UI
  • Icinga Version set to 1
  • OS Version set to any
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment