
Revision 1848442


Author: mbrohl
Date: Sat Dec 8 08:58:52 2018 UTC (5 years, 4 months ago)
Changed paths: 2
Log Message:
Applied fix from trunk for revision: 1848441 
===

Fixed: UI bug in scrum component
(OFBIZ-10676)

When editing product backlog items, inserted javascript code was
executed on the client side. The confirmational blinking of the newly
added or changed value was implemented using the .html(value) function
of jQuery. This causes the HTML to be interpreted and the script to be
executed. But the data is stored, converting it into HTML, so it is not
considered to be a vulnerability.
The fix changes the call to .text. This prevents the HTML from being
interpreted.

Thanks Benjamin Jugl for providing the patch.

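The before/after behaviour the log message describes, as an added stand-in example (not code from OfbizUtil.js or from jQuery): FakeElement, parseMarkup and the blinkValue* functions are constructed here to model the two jQuery sinks so the difference can be exercised under Node without a browser.

```javascript
// Added illustration for OFBIZ-10676; not OFBiz or jQuery code.
// jQuery's .html(value) assigns innerHTML, so the browser parses value as
// markup; .text(value) assigns textContent, so value becomes one literal
// text node. FakeElement (constructed) models just that difference.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' };
const escapeHtml = (s) => String(s).replace(/[&<>"]/g, (c) => ESCAPES[c]);

// Simplified tokenizer (assumption: flat, no nesting) that is enough to show
// whether the HTML parser would create a <script> element from the value.
function parseMarkup(markup) {
  const nodes = [];
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g;
  let last = 0;
  let m;
  while ((m = tagRe.exec(markup)) !== null) {
    if (m.index > last) nodes.push({ type: 'text', data: markup.slice(last, m.index) });
    nodes.push({ type: 'element', tag: m[2].toLowerCase(), closing: m[1] === '/', raw: m[0] });
    last = tagRe.lastIndex;
  }
  if (last < markup.length) nodes.push({ type: 'text', data: markup.slice(last) });
  return nodes;
}

class FakeElement {
  constructor() { this.children = []; }
  // models jQuery .html(value): the string is parsed as HTML (innerHTML sink)
  html(value) { this.children = parseMarkup(String(value)); return this; }
  // models jQuery .text(value): the string becomes one text node, never parsed
  text(value) { this.children = [{ type: 'text', data: String(value) }]; return this; }
  // number of <script> elements the parser would have created
  scriptCount() {
    return this.children.filter((n) => n.type === 'element' && n.tag === 'script' && !n.closing).length;
  }
  // serialise as a browser would: text nodes come back escaped, elements as tags
  innerHtml() {
    return this.children.map((n) => (n.type === 'text' ? escapeHtml(n.data) : n.raw)).join('');
  }
}

// Before the fix: the confirmation blink wrote the new value with .html(value).
function blinkValueBefore(el, value) { return el.html(value); }
// After the fix: .text(value), so markup in the stored value is displayed literally.
function blinkValueAfter(el, value) { return el.text(value); }
```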

Changed paths

Path: ofbiz/ofbiz-framework/branches/release17.12/
Details: modified, props changed

Path: ofbiz/ofbiz-framework/branches/release17.12/themes/common/webapp/common/js/util/OfbizUtil.js
Details: modified, text changed
