
HTML metacharacters not escaped in log messages


      Description

      Means XML tags are rendered raw in /log/*/ pages, which makes them generally invisible.

          Activity

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          core/src/main/java/hudson/Functions.java
          core/src/test/java/hudson/FunctionsTest.java
          http://jenkins-ci.org/commit/jenkins/a900b488b527a25009e3536bc94e945f5fbfe4ad
          Log:
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.

          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #3081
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages. (Revision a900b488b527a25009e3536bc94e945f5fbfe4ad)

          Result = SUCCESS
          Jesse Glick : a900b488b527a25009e3536bc94e945f5fbfe4ad
          Files :

          • core/src/main/java/hudson/Functions.java
          • changelog.html
          • core/src/test/java/hudson/FunctionsTest.java
          danielbeck Daniel Beck added a comment -

          Possible attack vector for malicious users who just need to trigger log messages with a script payload and wait for admins to access the log.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/hudson/Functions.java
          core/src/test/java/hudson/FunctionsTest.java
          http://jenkins-ci.org/commit/jenkins/45666455f3d7ce8d80bd5885f5adbfd499fbb02e
          Log:
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.
          (cherry picked from commit a900b488b527a25009e3536bc94e945f5fbfe4ad)

          Conflicts:
          changelog.html
          core/src/main/java/hudson/Functions.java

          Compare: https://github.com/jenkinsci/jenkins/compare/5cf3e28c4885...45666455f3d7
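
          An added example, not the code from the commits above or from Jenkins' Functions.java: one way to render a java.util.logging record into an HTML log page so that markup in the message, its parameters, or the stack trace is displayed as text. The class and method names are hypothetical and the sample record is constructed.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.SimpleFormatter;

public class LogHtmlEscapeDemo {

    /** Replace the five HTML metacharacters with entities. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Expand {0}-style parameters, append any stack trace, then escape the whole text. */
    static String renderRecord(LogRecord r) {
        // Parameters are substituted here, so escaping has to happen afterwards;
        // escaping only the message template would miss data carried in parameters.
        String text = new SimpleFormatter().formatMessage(r);
        if (r.getThrown() != null) {
            StringWriter sw = new StringWriter();
            r.getThrown().printStackTrace(new PrintWriter(sw, true));
            text += "\n" + sw; // exception messages can carry markup too
        }
        return "<pre>" + escapeHtml(r.getLevel() + ": " + text) + "</pre>";
    }

    public static void main(String[] args) {
        // Constructed sample: a log message whose parameter contains XML markup.
        LogRecord r = new LogRecord(Level.WARNING, "Failed to parse {0}");
        r.setParameters(new Object[] {"<project><name>a&b</name></project>"});
        r.setThrown(new IllegalStateException("unexpected <name>"));
        System.out.println(renderRecord(r));
    }
}
```

          With escaping applied, the XML tags in the sample appear in the page as literal text instead of being parsed by the browser and disappearing from view.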


            People

            • Assignee:
              jglick Jesse Glick
              Reporter:
              jglick Jesse Glick