Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Custom template notes should not allow images to be used #5805

Closed
huib-portainer opened this issue Oct 1, 2021 · 0 comments
Closed

Custom template notes should not allow images to be used #5805

huib-portainer opened this issue Oct 1, 2021 · 0 comments
Labels
bug/confirmed internal/jira kind/bug Applied to Bugs
Milestone
CE-2.9.1

Comments

@huib-portainer
Copy link
Contributor

huib-portainer commented Oct 1, 2021
edited
Loading

Bug description
The custom template notes currently can contain images.
Requests to third party images would leak information of the user/admin such as IP, browser, location, etc

Same for Teams name and Environment Tags name.

Expected behavior
Disallow the <img> tag in these fields.

Additional context
There isn't a way to directly inject javascript.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug/confirmed internal/jira kind/bug Applied to Bugs
Projects
None yet
Milestone
CE-2.9.1
Development

No branches or pull requests
1 participant
@huib-portainer