Details
- Bug
- Resolution: Fixed
- Low
- 2.5.0
Description
I wrote this comment:
This will be very hard to read in the javadoc. Add <br>s or <li>s or at least semi-colons between lines.
The HTML wasn't escaped and is parsed by the browser. Not cool. I can't comment or edit comments any more on the PR, and if I weren't really busy I'd be hunting for XSS attacks.
https://stash.atlassian.com/projects/CONF/repos/confluence/pull-requests/1331/overview?commentId=9508 is the review in question
Issue Links
- is duplicated by
  - BSERV-3910 Stash doesn't escape HTML in commit messages (Closed)
  - BSERV-3295 Comment Date format changes from relative to absolute dates unexpectedly (Closed)
  - BSERV-4510 using certain comment make reply/edit/delete buttons unusable (Closed)