XSS issue in dashboard new page creation ---------------------------------------- Key: GTNPORTAL-1858 URL: https://issues.jboss.org/browse/GTNPORTAL-1858 Project: GateIn Portal Issue Type: Bug Security Level: Public (Everyone can see) Reporter: Thomas Heute Assignee: Thomas Heute Fix For: 3.2.0-GA this issue has two subdivisions: 1. basic page add login click on dashboard, to the "on page editor" click on the "plus" button to add new page and set "<script>alert('hi');</script>" as its name the javascript is now invoked 2. advanced page add login, go to dashboard click dashboard editor -> add new page put "whatever" to node name and "<script>alert('hi');</script>" as node description click next, next the javascript is invoked -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira