Bug #602

html tags are not escaped when presented in status information

Added by dnsmichi almost 4 years ago. Updated over 3 years ago.

Status:ClosedStart date:07/08/2010
Priority:LowDue date:
Assignee:Meier% Done:

0%

Category:-
Target version:-
Icinga Version: Browser Version:

Description

http://tracker.nagios.org/view.php?id=74

 Summary       0000074: html tags are not escaped when presented in status information
Description     Html tags are not escaped when presented in status information which causes that status information page can be easily "broken" by feeding with weird html tags.

Attached screenshot shows the problem. 

htmlbug.png (26.9 KB) dnsmichi, 07/08/2010 06:50 pm

History

#1 Updated by dnsmichi almost 4 years ago

#2 Updated by Meier almost 4 years ago

  • Status changed from New to Feedback

Asked for more info on the upstream tracker

#3 Updated by dnsmichi over 3 years ago

  • Project changed from Core to Classic UI
  • Category deleted (Classical UI)

#4 Updated by dnsmichi over 3 years ago

  • Assignee set to Meier
  • Priority changed from Normal to Low

please look at it, and if this is not really important, close it.

#5 Updated by Meier over 3 years ago

  • Status changed from Feedback to Closed

There is still no feedback from the original author.
Of course plugin output with HTML tags can break everything that is exactly the reason why it can be disabled.

Also available in: Atom PDF