text_view renders html markup #5814
Comments
wardi added a commit that referenced this issue Jan 7, 2021
wardi added a commit that referenced this issue Jan 16, 2021
Co-authored-by: Jari Voutilainen <jari.voutilainen@iki.fi>
Zharktas added a commit that referenced this issue Jan 18, 2021
[#5814] textview: escape text formats
amercader pushed a commit that referenced this issue Jan 28, 2021
amercader pushed a commit that referenced this issue Jan 28, 2021
Co-authored-by: Jari Voutilainen <jari.voutilainen@iki.fi>
amercader pushed a commit that referenced this issue Jan 28, 2021
amercader pushed a commit that referenced this issue Jan 28, 2021
Co-authored-by: Jari Voutilainen <jari.voutilainen@iki.fi>
amercader pushed a commit that referenced this issue Jan 28, 2021
amercader pushed a commit that referenced this issue Jan 28, 2021
Co-authored-by: Jari Voutilainen <jari.voutilainen@iki.fi>
CKAN version 2.9.1
Describe the bug
The text_view renders HTML elements if they occur in a text file.
Steps to reproduce
Create resource and upload the following text file:
foo.txt with content
The text view actually displays this as an input field:
Expected behavior
Text view just renders everything as plain text
Additional details
I didn't test what else can be injected that way. Could this even allow XSS attacks?
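An added example, not part of the original issue and not CKAN's own code: a minimal sketch of the reported behaviour (file content placed into the page as markup) next to the escaped form, with a regression check that lists any tags surviving in the rendered output. The sample text and all function names are constructed for illustration.

```javascript
// Added example: escapeHtml, renderUnsafe, renderSafe, liveTags and unescapeHtml
// are hypothetical names, not taken from CKAN's text_view code.

// Constructed sample of an uploaded .txt resource that contains markup.
const SAMPLE_TEXT = 'name & value\n<input type="text" value="hello">\n';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Replace every character that has meaning in HTML with its entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Behaviour described in the issue: file content reaches the page as markup.
function renderUnsafe(text) {
  return '<pre>' + text + '</pre>';
}

// Hardened form: content is escaped first, so the browser shows it as characters.
function renderSafe(text) {
  return '<pre>' + escapeHtml(text) + '</pre>';
}

// Regression check: list tags other than the <pre> wrapper in rendered output.
function liveTags(html) {
  const inner = html.replace(/^<pre>/, '').replace(/<\/pre>$/, '');
  return (inner.match(/<\/?[a-zA-Z][^>]*>/g) || []).map((t) => t.toLowerCase());
}

// Reverse the escaping in a single pass, to confirm the viewer would display
// exactly the characters that were in the file.
function unescapeHtml(html) {
  return html.replace(/&(amp|lt|gt|quot|#39);/g, (m) =>
    Object.keys(HTML_ESCAPES).find((k) => HTML_ESCAPES[k] === m));
}

console.log('unsafe:', liveTags(renderUnsafe(SAMPLE_TEXT)));
console.log('safe:  ', liveTags(renderSafe(SAMPLE_TEXT)));
```

In a browser, assigning the file content to an element's `textContent` rather than `innerHTML` gives the same result without a hand-written escaper.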