user names can contain characters that prevent that user from accessing their own personal space

XMLWordPrintable

      1. Add new user with user name that contains special characters e.g. <script>alert('free')</script>
      2. User created
      3. Login as new user and create personal space
      4. Personal space created but links to it result in page not found error

      For this example the link provided is encoded as;
      http://localhost:8080/confluence/display/~%253Cscript%253Ealert%2528%2527free%2527%2529%253C%252Fscript%253E

              Assignee:
              Unassigned
              Reporter:
              Andrew Prentice (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: