Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-1898

/varz page doesn't HTML-escape flag values

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0
    • Fix Version/s: 1.3.0
    • Component/s: util
    • Labels:
      None

      Description

      I was just trying the new "flag redaction" feature and noticed that the string '<redacted>' isn't getting properly HTML-escaped in the /varz web page. It appears we've never properly escaped flag values in this context, but it's only obvious now that the '<redacted>' string is getting interpreted as an HTML tag.

        Attachments

          Activity
          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              hahao Hao Hao
              Reporter:
              tlipcon Todd Lipcon

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment