From jira-events at lists.jboss.org Thu May 2 05:01:53 2013 Content-Type: multipart/mixed; boundary="===============8028843040180720492==" MIME-Version: 1.0 From: Trong Tran (JIRA) To: gatein-issues at lists.jboss.org Subject: [gatein-issues] [JBoss JIRA] (GTNPORTAL-2974) XSS vunerability on user 's job title Date: Thu, 02 May 2013 05:01:53 -0400 Message-ID: In-Reply-To: JIRA.12490948.1367481743000@jira02.app.mwc.hst.phx2.redhat.com --===============8028843040180720492== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable [ https://issues.jboss.org/browse/GTNPORTAL-2974?page=3Dcom.atlassian.= jira.plugin.system.issuetabpanels:all-tabpanel ] Trong Tran resolved GTNPORTAL-2974. ----------------------------------- Resolution: Won't Fix We should not persist encoded value into database. it must be encoded when displaying corresponding to the client type ( the b= rowser for instance ) = > XSS vunerability on user 's job title > ------------------------------------- > > Key: GTNPORTAL-2974 > URL: https://issues.jboss.org/browse/GTNPORTAL-2974 > Project: GateIn Portal > Issue Type: Bug > Security Level: Public(Everyone can see) = > Reporter: Minh Hoang TO > > While creating a new user with job title taking the value '', the value of this user profile attribute is not encoded befo= re being persisted into database. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrato= rs For more information on JIRA, see: http://www.atlassian.com/software/jira --===============8028843040180720492==--