Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-13834

user names can contain characters that prevent that user from accessing their own personal space

XMLWordPrintable

      1. Add new user with user name that contains special characters e.g. <script>alert('free')</script>
      2. User created
      3. Login as new user and create personal space
      4. Personal space created but links to it result in page not found error

      For this example the link provided is encoded as;
      http://localhost:8080/confluence/display/~%253Cscript%253Ealert%2528%2527free%2527%2529%253C%252Fscript%253E

            Unassigned Unassigned
            aprentice Andrew Prentice (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: