Anonymous | Login

Project:

News | My View | View Issues | Roadmap | Summary

View Issue Details[ Jump to Notes ]

[ Issue History ] [ Print ]

ID

0056996

Type

Category

Severity

Reproducibility

Date Submitted

Last Update

backport

[Openbravo ERP] A. Platform

major

have not tried

2024-10-14 08:11

2024-11-28 13:00

Reporter

alostale

View Status

public

Assigned To

Triage Platform Base

Priority

normal

Resolution

open

Fixed in Version

Status

scheduled

Fix in branch

Fixed in SCM revision

Projection

none

ETA

none

Target Version

PR24Q2.5

OS

Any

Database

Any

Java version

OS Version

Database version

Ant version

Product Version

SCM revision

Review Assigned To

Web browser

Modules

Core

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

No

Summary

0056996: broken layout in window title

Description

When opening a link to Openbravo backoffice if the title of a view contains some special characters the layout can be broken.

Steps To Reproduce

Try to open some link like:

https://localhost:8080/openbravo/#%7Bst:0,bm:%5B%7BviewId:__X__,params:%7BtabTitle:__%3Cimg%20src=a%20onerr [^]
or=alert()%3E__%7D%7D%5D%7D

Proposed Solution

Properly treat/escape tab titles when rendering them.

Tags

No tags attached.

Relationships [ Relation Graph ] [ Dependency Graph ]

blocks

defect

closed

Triage Platform Base

broken layout in window title

Notes
(0172713) hgbot (developer) 2024-11-28 13:00	Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1462 [^]

Issue History
Date Modified	Username	Field	Change
2024-11-05 18:53	AugustoMauch	Type	defect => backport
2024-11-05 18:53	AugustoMauch	Target Version	=> PR24Q2.5
2024-11-28 13:00	hgbot	Note Added: 0172713

Copyright © 2000 - 2009 MantisBT Group