One of my tests outputs text that contains what looks like an HTML tag:
ok 19 - msg is "defO01<<TRUNCATED>>"
The Description column for this test on the TAP Extended Test Results page looks like this:
- msg is "defO01<>"
When I browse the source HTML for this section of the page, the text from the TAP output is definitely not being escaped. This could lead to cross-site scripting issues.
|Field||Original Value||New Value|
|Status||Open [ 1 ]||In Progress [ 3 ]|
|Status||In Progress [ 3 ]||Open [ 1 ]|
|Resolution|| ||Fixed [ 1 ]|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Status||Resolved [ 5 ]||Closed [ 6 ]|
|Workflow||JNJira [ 151193 ]||JNJira + In-Review [ 206965 ]|
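
The behaviour reported above, as an added example (not part of the original report and not the plugin's code): the TAP description from the report is placed in a table cell once as-is and once HTML-escaped, and each result is parsed to show what ends up as text and what ends up as markup. All function names are hypothetical, and Python's html.parser stands in for the browser's parser as an approximation.

```python
import html
import re
from html.parser import HTMLParser

# Matches a TAP test line such as: ok 19 - some description # directive
TAP_LINE = re.compile(
    r"^(?P<status>not ok|ok)\b(?:\s+(?P<num>\d+))?\s*(?:-\s*)?(?P<desc>[^#]*)")

def parse_tap_line(line):
    """Return (status, number, description), or None if not a test line."""
    m = TAP_LINE.match(line.strip())
    if m is None:
        return None
    num = int(m.group("num")) if m.group("num") else None
    return m.group("status"), num, m.group("desc").strip()

def description_cell_raw(line):
    """Reported behaviour: the description is copied into the markup as-is."""
    return "<td>" + parse_tap_line(line)[2] + "</td>"

def description_cell_escaped(line):
    """Hardened form: &, <, > and quotes become character references."""
    return "<td>" + html.escape(parse_tap_line(line)[2], quote=True) + "</td>"

class _Collector(HTMLParser):
    """Records element names and text nodes seen while parsing."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def as_parsed(markup):
    """Return (visible text, element names) after HTML parsing."""
    p = _Collector()
    p.feed(markup)
    p.close()
    return "".join(p.text), p.tags

SAMPLE = 'ok 19 - msg is "defO01<<TRUNCATED>>"'  # the line quoted in the report

if __name__ == "__main__":
    for render in (description_cell_raw, description_cell_escaped):
        print(render.__name__, as_parsed(render(SAMPLE)))
```

In the raw cell the parser treats TRUNCATED as an element, which is why the page shows only `<>`; in the escaped cell the full description survives as text and no extra element is created.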