Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-3910

Stash doesn't escape HTML in commit messages

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • High
    • None
    • None
    • Rendering - Markdown Syntax
    • None

    Description

      Stash doesn't escape HTML in commit messages at least in pull requests which creates a security risk if people submitting pull requests aren't fully trusted.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. BSERV-3635 Html in PR comments not encoded

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              4c10a4730e87 m_gol
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: