Error dialogs do not escape HTML from fields

This can easily be tested in password recovery. Other parts of FD might be impacted.

This can cause bugs or allow HTML/javascript injection.

changed title from Password recover does not escape fields in error messages to Password recovery does not escape fields in error messages

By Côme Chilliet on 2018-10-10T06:48:33 (imported from GitLab)

created branch 5907-password-recover-does-not-escape-fields-in-error-messages

By Côme Chilliet on 2018-10-10T06:48:41 (imported from GitLab)

mentioned in merge request !420

By Côme Chilliet on 2018-10-10T06:48:44 (imported from GitLab)

mentioned in commit 5ba0f704

By Côme Chilliet on 2018-10-10T06:59:09 (imported from GitLab)

changed title from Password recovery does not escape fields in error messages to Error dialogs do not escape HTML from fields

By Côme Chilliet on 2018-10-10T07:00:34 (imported from GitLab)

changed the description

By Côme Chilliet on 2018-10-10T07:00:34 (imported from GitLab)

Some dialogs use HTML and will get broken by this, the one I know of is invalid value for a StringAttribute with an example provided.

I expect a few other also uses <br/> as well.

By Côme Chilliet on 2018-10-10T07:03:00 (imported from GitLab)

I reverted the change for now, there are way too much dialogs using HTML.

We’ll need to think through a proper solution for this, possibly as part of the migrating errors to objects which is planned at some point.

By Côme Chilliet on 2018-10-10T07:46:46 (imported from GitLab)

added PJ1802-0188 label

By Côme Chilliet on 2018-10-10T11:53:43 (imported from GitLab)

added 1h of time spent at 2018-10-10

By Côme Chilliet on 2018-10-10T11:53:50 (imported from GitLab)

added enhancement fusiondirectory-core labels

By bmortier on 2018-10-29T15:52:46 (imported from GitLab)

mentioned in issue #5918 (closed)

By Côme Chilliet on 2018-11-05T09:37:51 (imported from GitLab)

changed milestone to %FusionDirectory 1.5

By bmortier on 2019-05-28T11:59:42 (imported from GitLab)

mentioned in issue #6071

By Côme Chilliet on 2020-02-13T10:26:56 (imported from GitLab)

changed milestone to %FusionDirectory 1.4

By bmortier on 2020-03-21T14:28:31 (imported from GitLab)

added error management label

This is fixed by #6071

By Côme Chilliet on 2020-08-25T12:15:38 (imported from GitLab)

closed

By Côme Chilliet on 2020-08-25T12:15:38 (imported from GitLab)

removed Bugs label

removed enhancement label