Means XML tags are rendered raw in /log/*/ pages, which makes them generally invisible.

          [JENKINS-20800] HTML metacharacters not escaped in log messages

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          core/src/main/java/hudson/Functions.java
          core/src/test/java/hudson/FunctionsTest.java
          http://jenkins-ci.org/commit/jenkins/a900b488b527a25009e3536bc94e945f5fbfe4ad
          Log:
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.

          dogfood added a comment -

          Integrated in jenkins_main_trunk #3081
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages. (Revision a900b488b527a25009e3536bc94e945f5fbfe4ad)

          Result = SUCCESS
          Jesse Glick : a900b488b527a25009e3536bc94e945f5fbfe4ad
          Files :

          • core/src/main/java/hudson/Functions.java
          • changelog.html
          • core/src/test/java/hudson/FunctionsTest.java

          Daniel Beck added a comment -

          Possible attack vector for malicious users who just need to trigger log messages with a script payload and wait for admins to access the log.
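
Added example, not part of the issue thread and not the Jenkins fix itself: a hypothetical log-page renderer in Java showing the unescaped output reported above next to an escaped version. The class and method names (`LogPageEscapeDemo`, `escapeHtml`, `renderRaw`, `renderEscaped`) and the sample log records are constructed for illustration.

```java
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.SimpleFormatter;

/** Hypothetical log-page renderer (assumption for illustration; not Jenkins code). */
public class LogPageEscapeDemo {

    /** Replace HTML metacharacters so the browser displays them as literal text. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Before: the formatted message is concatenated into the page as markup. */
    static String renderRaw(LogRecord r) {
        return "<pre>" + new SimpleFormatter().formatMessage(r) + "</pre>";
    }

    /** After: expand {0}-style parameters first, then escape the final string,
     *  so markup arriving through a parameter is neutralised as well. */
    static String renderEscaped(LogRecord r) {
        return "<pre>" + escapeHtml(new SimpleFormatter().formatMessage(r)) + "</pre>";
    }

    public static void main(String[] args) {
        // Constructed records: XML in the message text, markup in a parameter.
        LogRecord xml = new LogRecord(Level.INFO, "Loaded <project><name>{0}</name></project>");
        xml.setParameters(new Object[] {"demo"});
        LogRecord param = new LogRecord(Level.WARNING, "Unknown job name: {0}");
        param.setParameters(new Object[] {"<em>user-supplied</em>"});

        for (LogRecord r : new LogRecord[] {xml, param}) {
            System.out.println("raw:     " + renderRaw(r));      // tags reach the browser as markup
            System.out.println("escaped: " + renderEscaped(r));  // tags are shown as text
        }
    }
}
```

Escaping is applied to the fully formatted message rather than to the pattern, since the untrusted part of a log line usually arrives through its parameters.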

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/hudson/Functions.java
          core/src/test/java/hudson/FunctionsTest.java
          http://jenkins-ci.org/commit/jenkins/45666455f3d7ce8d80bd5885f5adbfd499fbb02e
          Log:
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.
          (cherry picked from commit a900b488b527a25009e3536bc94e945f5fbfe4ad)

          Conflicts:
          changelog.html
          core/src/main/java/hudson/Functions.java

          Compare: https://github.com/jenkinsci/jenkins/compare/5cf3e28c4885...45666455f3d7
