We couldn't load all Actvitity tabs. Refresh the page to try again.
If the problem persists, contact your Jira admin.
translate5Project Type: software

translate5

Uploaded image for project: 'translate5'
  1. translate5
  2. TRANSLATE-3960

Test PXSS in all input fields of the application

Details

    • Critical
    • Security: fixed remaining PXSS issues by adding frontend-sanitization

    Description

      problem

      TRANSLATE-283 was not solved completely. For some fields PXSS is prevented, for some not.

      In the re-test at least in the POST of language resources PXSS still exist.

      That can be easily be tested by adding some html like bold to the input and save it.

      If the html remains after reloading the grid, then the PXSS still is there and must be fixed / checked why. It should be solved in general by the Input sanitizer.

      The consequence is, that we have to test all fields manually!

      Also we should add that to the tests by modify existing tests and add there html to the input data - in the best case its stripped and in the test comparsion part there is no need to do any change at all.

       

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. TRANSLATE-283 XSS Protection in translate5

          • Done
          relates to

          Bug - A problem which impairs or prevents the functions of the product. TRANSLATE-4129 Quotation marks and apostrophes in comments are escaped

          • Done

          Task - A task that needs to be done. TRANSLATE-3964 Prevent PXSS in filenames

          • Done

          Bug - A problem which impairs or prevents the functions of the product. TRANSLATE-4129 Quotation marks and apostrophes in comments are escaped

          • Done

          Improvement - An improvement or enhancement to an existing feature or task. TRANSLATE-4110 Add escaping html on TM Maintenance page

          • Selected for dev

          Activity

            Loading...
            Uploaded image for project: 'translate5'
            1. translate5
            2. TRANSLATE-3960

            Test PXSS in all input fields of the application

            Details

              • Critical
              • Security: fixed remaining PXSS issues by adding frontend-sanitization

              Description

                problem

                TRANSLATE-283 was not solved completely. For some fields PXSS is prevented, for some not.

                In the re-test at least in the POST of language resources PXSS still exist.

                That can be easily be tested by adding some html like bold to the input and save it.

                If the html remains after reloading the grid, then the PXSS still is there and must be fixed / checked why. It should be solved in general by the Input sanitizer.

                The consequence is, that we have to test all fields manually!

                Also we should add that to the tests by modify existing tests and add there html to the input data - in the best case its stripped and in the test comparsion part there is no need to do any change at all.

                 

                Attachments

                  Issue Links

                    is caused by

                    Bug - A problem which impairs or prevents the functions of the product. TRANSLATE-283 XSS Protection in translate5

                    • Done
                    relates to

                    Bug - A problem which impairs or prevents the functions of the product. TRANSLATE-4129 Quotation marks and apostrophes in comments are escaped

                    • Done

                    Task - A task that needs to be done. TRANSLATE-3964 Prevent PXSS in filenames

                    • Done

                    Bug - A problem which impairs or prevents the functions of the product. TRANSLATE-4129 Quotation marks and apostrophes in comments are escaped

                    • Done

                    Improvement - An improvement or enhancement to an existing feature or task. TRANSLATE-4110 Add escaping html on TM Maintenance page

                    • Selected for dev

                    Activity

                      People

                        sanya@mittagqi.com Sanya Mikhliaiev
                        tlauria Thomas Lauria
                        Thomas Lauria
                        Votes:
                        0 Vote for this issue
                        Watchers:
                        2 Start watching this issue

                        Dates

                          Created:
                          Updated:
                          Resolved:

                          People

                            sanya@mittagqi.com Sanya Mikhliaiev
                            tlauria Thomas Lauria
                            Thomas Lauria
                            Votes:
                            0 Vote for this issue
                            Watchers:
                            2 Start watching this issue

                            Dates

                              Created:
                              Updated:
                              Resolved: