[gatein-issues] [JBoss JIRA] (GTNPORTAL-2514) Html tags included in exception messages are escaped
Trong Tran (JIRA)
jira-events at lists.jboss.org
Tue Jul 24 04:46:07 EDT 2012
[ https://issues.jboss.org/browse/GTNPORTAL-2514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12707484#comment-12707484 ]
Trong Tran commented on GTNPORTAL-2514:
---------------------------------------
I confirmed that this issue was introduced by a fix of XSS issues ( actually it's GTNPORTAL-1858 ).
However, using HTML to control the format of message seems not to be a proper way. Could you find another way to handle it ?
> Html tags included in exception messages are escaped
> ----------------------------------------------------
>
> Key: GTNPORTAL-2514
> URL: https://issues.jboss.org/browse/GTNPORTAL-2514
> Project: GateIn Portal
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: WebUI
> Affects Versions: 3.2.0-GA
> Environment: EPP-SP 5.2.1-GA
> Reporter: boughzela Aymen
> Attachments: exo-ecms-core-webui-2.3.6-CP01.jar
>
>
> We have some customized exception message includes some html tags, such as "<br/>", etc.
> We expect those html tags could help format the exception messages showing on the dialog popup box triggered by Site Publisher UI.
> However, the html tags apparently are escaped on the UI. It just shows what it is. This was not happening in EPP 5.1.1.
> In EPP5.1
> The message would have been
> --------------------------
> Exception1
> Exception2
> ---------------------------
> i.e <br/> acts like a line break.
> In EPP5.2.1
> I am getting
> Exception1<br/>Exception2
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the gatein-issues
mailing list