Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-13834

user names can contain characters that prevent that user from accessing their own personal space

    XMLWordPrintable

Details

    Description

      1. Add new user with user name that contains special characters e.g. <script>alert('free')</script>
      2. User created
      3. Login as new user and create personal space
      4. Personal space created but links to it result in page not found error

      For this example the link provided is encoded as;
      http://localhost:8080/confluence/display/~%253Cscript%253Ealert%2528%2527free%2527%2529%253C%252Fscript%253E

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-13479 Special characters eg. back slash, forward slash, plus sign in username breaks Personal Space

          • Medium - Medium priority issues
          • Gathering Impact

          Activity

            People

              Unassigned Unassigned
              aprentice Andrew Prentice (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: