  1. [Read Only] - Hippo GOGREEN
  2. GOGREEN-1076

Not all '<' and '>' are stripped from the search query

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • 3.07.00
    • 3.07.01
    • None

    Description

      The characters '<' or '>' are stripped from the search keyword before a search is done, to prevent the XSS filter from returning a 400 page. However, only the first occurrence of '<' and '>' is replaced, so you still get a 400 page if the search keywords contain more than one < or >.

      Steps to reproduce:
      1. open the GoGreen site
      2. search for "<h1>bla</h1>" (without quotes)

      Expected: a search is done for "h1bla/h1"
      Actual: a 400 page is shown
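
The first-occurrence bug described above, reproduced as an added example; this is not the GoGreen project's code, which the issue does not show. The function names and the simplified XSS filter (any remaining '<' or '>' yields a 400) are assumptions made for illustration.

```javascript
// Added illustration. stripFirstOnly, stripAll, xssFilterStatus and search are
// hypothetical names; the project's real implementation is not on the page.

// Buggy variant: with a string pattern, String.prototype.replace stops after
// the first match, so later '<' and '>' characters survive.
function stripFirstOnly(query) {
  return query.replace('<', '').replace('>', '');
}

// Fixed variant: a global regex removes every '<' and '>'.
function stripAll(query) {
  return query.replace(/[<>]/g, '');
}

// Simplified stand-in for the XSS filter (assumption): it rejects any query
// that still contains an angle bracket.
function xssFilterStatus(query) {
  return /[<>]/.test(query) ? 400 : 200;
}

// Strip first, then let the filter decide, in the order the issue describes.
function search(query, strip) {
  const cleaned = strip(query);
  return { cleaned, status: xssFilterStatus(cleaned) };
}

// Inputs: the reproduction string from the issue, plus a constructed query
// with a single '<' and '>' that the buggy variant happens to handle.
const cases = ['<h1>bla</h1>', 'a<b>c'];
for (const q of cases) {
  console.log(q, 'first-only:', search(q, stripFirstOnly), 'all:', search(q, stripAll));
}
```

A query with only one '<' and one '>' passes with either variant, so a regression test for this fix needs an input with repeated brackets, such as the one in the reproduction steps.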

          People

            svoortman Simon Voortman (Inactive)
            mdenburger Mathijs den Burger (Inactive)