Issue 14166

XSS vulnerability on Node search

Reporter: lfrancke
Assignee: cvizitiu
Type: Bug
Summary: XSS vulnerability on Node search
Priority: Blocker
Resolution: Fixed
Status: Closed
Created: 2013-10-07 14:35:42.912
Updated: 2013-10-08 13:17:59.91
Resolved: 2013-10-08 13:17:59.878
        
Description: Example: http://www.gbif.org/search/node/%3E%22'%3E%3Cmy_tag_0d720855c75bb2a24db61aac7a195e9934c0452f00a746887ef0ba4b2d2026ce/%3E

The tag appears in the DOM. This means anyone can inject code and let, for example, JavaScript execute for anyone visiting a carefully crafted link.

Assigning to Cip, not sure if correct.
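A regression check for the behaviour reported above, as an added example that is not part of the original issue and not GBIF's code. It assumes the search keys from the path are echoed into an attribute value; `searchKeys`, `renderUnsafe`, `renderSafe` and `markerTagPresent` are hypothetical names.

```javascript
// URL taken verbatim from the issue description.
const REPORTED_URL =
  "http://www.gbif.org/search/node/%3E%22'%3E%3Cmy_tag_0d720855c75bb2a24db61aac7a195e9934c0452f00a746887ef0ba4b2d2026ce/%3E";

// Extract and percent-decode the search keys that follow /search/node/.
function searchKeys(url) {
  const prefix = "/search/node/";
  const path = new URL(url).pathname;
  if (!path.startsWith(prefix)) return "";
  return decodeURIComponent(path.slice(prefix.length));
}

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable shape (assumed): decoded keys concatenated into markup as-is.
function renderUnsafe(keys) {
  return `<input type="text" name="keys" value="${keys}">`;
}

// Corrected shape: the same value, HTML-escaped at output time.
function renderSafe(keys) {
  return `<input type="text" name="keys" value="${escapeHtml(keys)}">`;
}

// Does the marker from the report show up as real markup in the output?
function markerTagPresent(html) {
  return /<my_tag_[0-9a-f]+/.test(html);
}

const reportedKeys = searchKeys(REPORTED_URL);
console.log("unsafe:", markerTagPresent(renderUnsafe(reportedKeys)));
console.log("safe:  ", markerTagPresent(renderSafe(reportedKeys)));
```

Running the same check against the real search page after a fix confirms the marker only ever appears in encoded form.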
    


Author: cvizitiu@gbif.org
Comment: Fixed. Reporter [~lfrancke@gbif.org] please verify and close issue. 
Created: 2013-10-07 14:58:44.246
Updated: 2013-10-07 14:58:44.246


Author: lfrancke@gbif.org
Comment: Excellent! Looks good. Thanks for the quick turnaround.
Created: 2013-10-08 13:17:51.847
Updated: 2013-10-08 13:17:51.847