HTML metacharacters not escaped in log messages

      Description

      Means XML tags are rendered raw in /log/*/ pages, which makes them generally invisible.

          Activity

          jglick Jesse Glick created issue -
          jglick Jesse Glick made changes -
          Status: Open [ 1 ] -> In Progress [ 3 ]
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          core/src/main/java/hudson/Functions.java
          core/src/test/java/hudson/FunctionsTest.java
          http://jenkins-ci.org/commit/jenkins/a900b488b527a25009e3536bc94e945f5fbfe4ad
          Log:
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.

          scm_issue_link SCM/JIRA link daemon made changes -
          Resolution: Fixed [ 1 ]
          Status: In Progress [ 3 ] -> Resolved [ 5 ]
          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #3081
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages. (Revision a900b488b527a25009e3536bc94e945f5fbfe4ad)

          Result = SUCCESS
          Jesse Glick : a900b488b527a25009e3536bc94e945f5fbfe4ad
          Files :

          • core/src/main/java/hudson/Functions.java
          • changelog.html
          • core/src/test/java/hudson/FunctionsTest.java
          danielbeck Daniel Beck made changes -
          Labels: lts-candidate -> lts-candidate security
          danielbeck Daniel Beck added a comment -

          Possible attack vector for malicious users who just need to trigger log messages with a script payload and wait for admins to access the log.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/hudson/Functions.java
          core/src/test/java/hudson/FunctionsTest.java
          http://jenkins-ci.org/commit/jenkins/45666455f3d7ce8d80bd5885f5adbfd499fbb02e
          Log:
          [FIXED JENKINS-20800] HTML metacharacters not escaped in log messages.
          (cherry picked from commit a900b488b527a25009e3536bc94e945f5fbfe4ad)

          Conflicts:
          changelog.html
          core/src/main/java/hudson/Functions.java

          Compare: https://github.com/jenkinsci/jenkins/compare/5cf3e28c4885...45666455f3d7

          olivergondza Oliver Gondža made changes -
          Labels: lts-candidate security -> 1.532.2-fixed security
          rtyler R. Tyler Croy made changes -
          Workflow: JNJira [ 152611 ] -> JNJira + In-Review [ 194284 ]

            People

            Assignee:
            jglick Jesse Glick
            Reporter:
            jglick Jesse Glick