Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-3635

Html in PR comments not encoded

    XMLWordPrintable

Details

    Description

      I wrote this comment:

      This will be very hard to read in the javadoc. Add <br>s or <li>s or at least semi-colons between lines.

      The html wasn't escaped and is parsed by the browser. Not cool. I can't comment or edit comments any more on the PR, and if I weren't really busy I'd be hunting for XSS attacks.

      https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/1331/overview?commentId=9508 is the review in question

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. BSERV-3910 Stash doesn't escape HTML in commit messages

          • High - High priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. BSERV-3295 Comment Date format changes from relative to absolute dates unexpectedly

          • Low - Low priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. BSERV-4510 using certain comment make reply/edit/delete buttons unusable

          • Low - Low priority issues
          • Closed

          Activity

            People

              jhinch jhinch (Atlassian)
              don.willis@atlassian.com Don Willis
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: