Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-13834

user names can contain characters that prevent that user from accessing their own personal space

XMLWordPrintable

      1. Add new user with user name that contains special characters e.g. <script>alert('free')</script>
      2. User created
      3. Login as new user and create personal space
      4. Personal space created but links to it result in page not found error

      For this example the link provided is encoded as;
      http://localhost:8080/confluence/display/~%253Cscript%253Ealert%2528%2527free%2527%2529%253C%252Fscript%253E

              Unassigned Unassigned
              aprentice Andrew Prentice (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: