[gatein-issues] [JBoss JIRA] (GTNPORTAL-2514) Html tags included in exception messages are escaped
[
https://issues.jboss.org/browse/GTNPORTAL-2514?page=com.atlassian.jira.pl...
]
Trong Tran commented on GTNPORTAL-2514:
---------------------------------------
I confirmed that this issue was introduced by a fix of XSS issues ( actually it's
GTNPORTAL-1858 ).
However, using HTML to control the format of message seems not to be a proper way. Could
you find another way to handle it ?
Html tags included in exception messages are escaped
----------------------------------------------------
Key: GTNPORTAL-2514
URL: https://issues.jboss.org/browse/GTNPORTAL-2514
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: WebUI
Affects Versions: 3.2.0-GA
Environment: EPP-SP 5.2.1-GA
Reporter: boughzela Aymen
Attachments: exo-ecms-core-webui-2.3.6-CP01.jar
We have some customized exception message includes some html tags, such as
"<br/>", etc.
We expect those html tags could help format the exception messages showing on the dialog
popup box triggered by Site Publisher UI.
However, the html tags apparently are escaped on the UI. It just shows what it is. This
was not happening in EPP 5.1.1.
In EPP5.1
The message would have been
--------------------------
Exception1
Exception2
---------------------------
i.e <br/> acts like a line break.
In EPP5.2.1
I am getting
Exception1<br/>Exception2
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira