Bug #602

html tags are not escaped when presented in status information

Added by dnsmichi almost 5 years ago. Updated 7 months ago.

Status:ClosedStart date:07/08/2010
Priority:LowDue date:
Assignee:Meier% Done:

0%

Category:Classic UI
Target version:-
Icinga Version:1.10.0 OS Version:any

Description

http://tracker.nagios.org/view.php?id=74

 Summary       0000074: html tags are not escaped when presented in status information
Description     Html tags are not escaped when presented in status information which causes that status information page can be easily "broken" by feeding with weird html tags.

Attached screenshot shows the problem. 

htmlbug.png (26.9 KB) dnsmichi, 07/08/2010 06:50 PM

History

#1 Updated by dnsmichi almost 5 years ago

#2 Updated by Meier almost 5 years ago

  • Status changed from New to Feedback

Asked for more info on the upstream tracker

#3 Updated by dnsmichi almost 5 years ago

  • Project changed from Core, Classic UI, IDOUtils to 19
  • Category deleted (Classic UI)

#4 Updated by dnsmichi almost 5 years ago

  • Assignee set to Meier
  • Priority changed from Normal to Low

please look at it, and if this is not really important, close it.

#5 Updated by Meier almost 5 years ago

  • Status changed from Feedback to Closed

There is still no feedback from the original author.
Of course plugin output with HTML tags can break everything that is exactly the reason why it can be disabled.

#6 Updated by dnsmichi 7 months ago

  • Project changed from 19 to Core, Classic UI, IDOUtils
  • Category set to Classic UI
  • Icinga Version set to 1.10.0
  • OS Version set to any

Also available in: Atom PDF