
Details

    Description

      The following i18n calls are passed unsafe variables. This means that while a vulnerability is not currently present in the English version, it is possible that vulnerabilities could exist in translations produced by well-meaning parties.

      Additionally, seemingly safe changes to these i18n keys could introduce vulnerabilities which would not be picked up again by our scanner.

      Unsafe i18n calls:
      confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm:

      $action.getText("title.remove.comment", [$action.getPage().getTitle()])
      

      confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm:

      $i18n.getText("move.page.dialog.location.description", [$page.title])
      
      $i18n.getText('tip.edit.movepage.search', [$page.title])
      

      These variables are currently unused in the English translations, so they could be removed. Alternatively, they could be escaped by replacing the lines with the following (respectively):

      confluence-core/confluence-webapp/src/main/webapp/pages/removecomment.vm:

      $action.getText("title.remove.comment", ["$action.getPage().getTitle()"])
      

      confluence-core/confluence-webapp/src/main/webapp/template/includes/page-move-templates.vm:

      $i18n.getText("move.page.dialog.location.description", ["$page.title"])
      
      $i18n.getText('tip.edit.movepage.search', ["$page.title"])
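
One way to check templates for the pattern reported above, as an added example (not Atlassian's scanner and not code from this issue): it reports `getText` argument lists that contain a bare `$reference` and, following the fix proposed in the issue, treats double-quoted arguments as escaped. The function names and the sample input are constructed for illustration.

```python
import re

# Start of an i18n call that carries an argument list: getText("key", [
CALL_START = re.compile(r"""getText\(\s*(["'])(?P<key>[^"']+)\1\s*,\s*\[""")

def split_args(text, start):
    """Split the list whose '[' ends just before `start` into top-level
    arguments, respecting quotes and nested parentheses/brackets."""
    args, current, depth, quote = [], "", 0, None
    for ch in text[start:]:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch == "]" and depth == 0:
            break  # end of the argument list
        elif ch in ")]":
            depth -= 1
        elif ch == "," and depth == 0:
            args.append(current.strip())
            current = ""
            continue
        current += ch
    args.append(current.strip())
    return [a for a in args if a]

def find_unsafe_i18n_args(template, path="<template>"):
    """Return (path, line, key, argument) for each bare $reference passed as
    an i18n argument. Double-quoted arguments are the escaped form the issue
    proposes, so they are not reported."""
    findings = []
    for match in CALL_START.finditer(template):
        line = template.count("\n", 0, match.start()) + 1
        for arg in split_args(template, match.end()):
            if arg.startswith("$"):
                findings.append((path, line, match.group("key"), arg))
    return findings

# Constructed sample: two calls from the issue as reported, one as fixed.
SAMPLE = '''$action.getText("title.remove.comment", [$action.getPage().getTitle()])
$i18n.getText("move.page.dialog.location.description", [$page.title])
$i18n.getText('tip.edit.movepage.search', ["$page.title"])
'''

if __name__ == "__main__":
    for finding in find_unsafe_i18n_args(SAMPLE, "sample.vm"):
        print("%s:%d: key %s is passed unescaped %s" % finding)
```

Because the check looks at the call site and not at the English message text, it still reports an argument whose placeholder is currently unused in the English translation.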
      

          People

            xtaixe Xavier Sanchez
            kburnett Karla Burnett [Atlassian]