Defect #6969

Less-than sign in issue description and comments are not escaped

Added by Magnus Henoch over 12 years ago. Updated over 2 years ago.

Status:ReopenedStart date:2010-11-24
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Text formatting
Target version:Candidate for next major release
Resolution:Fixed Affected version:1.0.3

Description

When an issue description or comment contains a less-than sign (<), this sign is output verbatim in the issue page, instead of being escaped with ampersand-"lt"-semicolon. This causes the issue details page to be invalid XHTML, which is contrary to the page's doctype, and makes it impossible to read the page with an XML parser. I created an issue on the demo site to demonstrate the problem.

To reproduce, run xmllint URL-OF-ISSUE-PAGE, like this:

$ xmllint http://demo.redmine.org/issues/38181
http://demo.redmine.org/issues/38181:166: parser error : StartTag: invalid element name
<p>Hm: <</p>
        ^
http://demo.redmine.org/issues/38181:241: parser error : StartTag: invalid element name
mg alt="Comment" src="/images/comment.png?1286930539" /></a></div><p>And this? <
                                                                               ^
http://demo.redmine.org/issues/38181:330: parser error : Entity 'copy' not defined
    Powered by <a href="http://www.redmine.org/">Redmine</a> &copy; 2006-2010 Je
                                                                   ^

The third error is a false positive (xmllint doesn't know XHTML entities), but the first two errors are symptoms of this problem.

issue6969_test_escaping.diff Magnifier (576 Bytes) Go MAEDA, 2015-10-01 10:26

Related issues

Related to Redmine - Defect #21202: Left aligned sign in tabular is not worked since applying... Closed

Associated revisions

Revision 14812
Added by Jean-Philippe Lang over 7 years ago

Fixed that less-than sign is not escaped by textile formatter (#6969).

Revision 14834
Added by Jean-Philippe Lang over 7 years ago

Merged r14812 (#6969).

Revision 14835
Added by Jean-Philippe Lang over 7 years ago

Merged r14812 (#6969).

Revision 14836
Added by Jean-Philippe Lang over 7 years ago

Merged r14812 (#6969).

Revision 14863
Added by Jean-Philippe Lang over 7 years ago

Reverts r14812 (#6969).

Revision 14864
Added by Jean-Philippe Lang over 7 years ago

Merged r14863 (#6969).

Revision 14865
Added by Jean-Philippe Lang over 7 years ago

Merged r14863 (#6969).

Revision 14866
Added by Jean-Philippe Lang over 7 years ago

Merged r14863 (#6969).

Revision 14867
Added by Jean-Philippe Lang over 7 years ago

Adds a test for #21202 (#6969).

History

#1 Updated by Go MAEDA over 7 years ago

  • File issue6969_test_escaping.diffMagnifier added
  • Category changed from Issues to Security
  • Status changed from New to Confirmed
  • Private changed from No to Yes

Thank you for reporting this issue.

Textile formatter in the latest trunk (r14634) is still affected.
Here is a test to catch this issue: issue6969_test_escaping.diff

#2 Updated by Toshi MARUYAMA over 7 years ago

  • Target version set to 2.6.8

#3 Updated by Jean-Philippe Lang over 7 years ago

  • Category changed from Security to Text formatting
  • Status changed from Confirmed to Resolved
  • Assignee set to Jean-Philippe Lang
  • Private changed from Yes to No
  • Resolution set to Fixed

Fixed in r14812.

#4 Updated by Jean-Philippe Lang over 7 years ago

  • Status changed from Resolved to Closed

#5 Updated by Jean-Philippe Lang over 7 years ago

  • Related to Defect #21202: Left aligned sign in tabular is not worked since applying #6969 added

#6 Updated by Jean-Philippe Lang over 7 years ago

  • Status changed from Closed to Reopened
  • Target version changed from 2.6.8 to Candidate for next major release

Fix reverted, see #21202.

Also available in: Atom PDF