Bug
Resolution: Fixed
Low
5.9.12, 5.10.3
Severity 3 - Minor
When using the CQLSearchService, the response returned is inconsistently escaped. If using the highlight strategy, the body content is escaped and the title is not.
In addition, the actual characters escaped are inconsistent. For example, &lt; should be escaped to &amp;lt; but isn't, while < is correctly escaped to &lt;.
This seems like it would result in an XSS issue, but it appears to be ok in Confluence search.
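Added example (not from this issue or from Confluence code): a JavaScript model of the escaping described above. It shows that leaving existing entities untouched turns literal entity text into markup after one decode, and that a client cannot apply one rule to a raw title and an escaped body. The function names, sample string and sample hit are constructed for illustration.

```javascript
// Added illustration; all names are hypothetical, not Confluence APIs.
// Complete escaping: '&' is handled first, so literal "&lt;" becomes "&amp;lt;".
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Model of the reported behaviour: '<' and '>' are escaped, but an '&'
// that already starts an entity is left untouched.
function escapeLikeReport(text) {
  return text
    .replace(/&(?![a-zA-Z]+;|#\d+;)/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// What an HTML parser does to a text node: decode entities exactly once.
function decodeOnce(html) {
  return html
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&');
}

// True when the escaper is lossless for this input.
function roundTrips(escape, text) {
  return decodeOnce(escape(text)) === text;
}

// Constructed sample: page text that literally contains entity syntax.
const SAMPLE = 'Use &lt;b&gt; for bold';

// Constructed search hit shaped like the report: title raw, body escaped.
const HIT = { title: 'a < b', body: escapeLikeReport('a < b') };

// A client that escapes every field fixes the title but double-escapes the body.
function clientEscapesAll(hit) {
  return { title: escapeHtml(hit.title), body: escapeHtml(hit.body) };
}

console.log(roundTrips(escapeHtml, SAMPLE), roundTrips(escapeLikeReport, SAMPLE));
console.log(decodeOnce(escapeLikeReport(SAMPLE)));
console.log(clientEscapesAll(HIT));
```

A consumer of such a response needs to know, per field, whether the value is already escaped; the lossless escaper is the only one of the two whose output can be decoded back to the original text.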
Is related to: CONFSERVER-43162 XSS in newFileName Field (Closed)
[CONFSERVER-43341] Inconsistent escaping returned by Confluence Search