[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2449) Portlet preferences XSS validations in AdminPortlet (Portlet instances) should be disabled

Marek Posolda (JIRA) jira-events at lists.jboss.org
Tue Aug 18 09:15:26 EDT 2009


Portlet preferences XSS validations in AdminPortlet (Portlet instances) should be disabled
------------------------------------------------------------------------------------------

                 Key: JBPORTAL-2449
                 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2449
             Project: JBoss Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
    Affects Versions: 2.7.2 Final
         Environment: Sun JDK 1.5, JBoss AS 4.2.3.GA, JBoss Portal from branch27
            Reporter: Marek Posolda
             Fix For: 2.8 Final


See comments in JBEPP-104. The issue is fixed in the EPP43 branch but not in branch27. Description of the issue:

1) Go to http://localhost:8080/portal/auth/portal/admin

2) Go to "portlet definitions" and create a new instance of the Content Management System Portlet.

3) Go to "portlet instances" and go to the portlet preferences of the new CMSPortlet instance.

4) Try to change the "indexpage" preference to the value "/default/indexx.html". Click the "Update" button.

5) You get a validation message that the characters / and . are not permitted (but they should be).
