[CONFSERVER-43341] Inconsistent escaping returned by Confluence Search

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 5.10.6
Affects Version/s: 5.9.12, 5.10.3
Component/s: Core - Content REST APIs
Labels:
- affects-server

Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

When using the CQLSearchService the response returned is inconsistently escaped. If using the highlight strategy, the body content is escaped and the title is not.

In addition, the actual characters escaped is inconsistent, For example, & lt; should be escaped to & amp;lt; but isn't, while < is correctly escaped to & lt;.

This seems like it would result in an XSS issue, but it appears to be ok in Confluence search.

is related to

CONFSERVER-43162 XSS in newFileName Field

Closed

mentioned in: Page Failed to load; Page Failed to load; Page Failed to load

Form Name

Clement Capiaux (Inactive) added a comment - 31/Aug/2016 1:48 AM

Awesome, I'll wait for this ticket to be updated when it's publicly released then, thanks

Clement Capiaux (Inactive) added a comment - 31/Aug/2016 1:48 AM Awesome, I'll wait for this ticket to be updated when it's publicly released then, thanks

Assignee:: Minh Tran

Reporter:: Ziming Wang

Affected customers:: 0 This affects my team

Watchers:: 5 Start watching this issue

Created:: 01/Aug/2016 3:30 AM

Updated:: 11/Oct/2018 9:08 AM

Resolved:: 14/Sep/2016 2:18 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: Clement Capiaux (Inactive) added a comment - 31/Aug/2016 1:48 AM

Expand comment: Clement Capiaux (Inactive) added a comment - 31/Aug/2016 1:48 AM

People

Dates