Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16184

emails not escaped properly

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • core
    • Fedora 17, Tomcat 6.0.35, Java 7, Latest Jenkins and plugins as of today

      On most pages, like these:

      https://ci.jenkins-ci.org/job/jenkins_rc_branch/changes
      https://ci.jenkins-ci.org/user/kohsuke/

      When the username is something like "Joe User <joe.user@example.com>", it is incorrectly escaped in the HTML as: 

      Joe User &lt;joe.user@example.com>

      Then on the changes page for a specific build:

      https://ci.jenkins-ci.org/job/jenkins_rc_branch/300/changes

      A username like the above wouldn't be escaped at all, so would be "Joe User <joe.user@example.com>" in the HTML.

      Of course the proper way to escape this would be:

      Joe User &lt;joe.user@example.com&gt;

      We are using the mercurial plugin with rhodecode as the mercurial server, and I'm not sure if it's the job of the SCM plugin to escape these or whatever outputs the HTML, though I would think the latter.

            danielbeck Daniel Beck
            moparisthebest Travis Burtrum
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: