Details
- Bug
- Resolution: Fixed
- Medium
- 2.7.0
Description
Steps to reproduce
- Drop a comment in a Stash pull request that contains this:
<char - >
Note that 'char' can be any character or word.
- Click 'Comment' or 'Preview'.
Results
A popup error will appear and the following will appear in the logs:
2013-09-04 21:14:17,715 ERROR [http-bio-7990-exec-5] admin 1274x238x1 1py0zr1 0:0:0:0:0:0:0:1 "POST /rest/api/latest/markup/preview HTTP/1.1" c.a.s.r.e.UnhandledExceptionMapper Unhandled exception while processing REST call
java.lang.RuntimeException: org.owasp.validator.html.ScanException: org.w3c.dom.DOMException: INVALID_CHARACTER_ERR: An invalid or illegal XML character is specified.
    at com.atlassian.markup.internal.MarkupFactoryImpl$AntiSamyParser.clean(MarkupFactoryImpl.java:98) ~[na:na]
    at com.atlassian.markup.internal.MarkupFactoryImpl$AntiSamyParser.markup(MarkupFactoryImpl.java:91) ~[na:na]
    at com.atlassian.stash.internal.markup.DefaultMarkupService$2.apply(DefaultMarkupService.java:78) ~[stash-service-impl-2.7.0.jar:na]
    at com.atlassian.stash.internal.markup.DefaultMarkupService$2.apply(DefaultMarkupService.java:75) ~[stash-service-impl-2.7.0.jar:na]
    at com.atlassian.markup.renderer.impl.MarkupRendererImpl.render(MarkupRendererImpl.java:38) ~[atlassian-markup-renderer-0.2.2.jar:na]
    at com.atlassian.stash.internal.markup.DefaultMarkupService.render(DefaultMarkupService.java:58) ~[stash-service-impl-2.7.0.jar:na]
    at sun.reflect.GeneratedMethodAccessor478.invoke(Unknown Source) ~[na:na]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_25]
    at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_25]
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) ~[spring-aop-3.2.3.RELEASE.jar:3.2.3.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) ~[spring-aop-3.2.3.RELEASE.jar:3.2.3.RELEASE]
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) ~[spring-aop-3.2.3.RELEASE.jar:3.2.3.RELEASE]
Issue Links
- is duplicated by BSERV-4179 Unescaped XML character in pull request comment (Closed)