We're updating the issue view to help you get more done. 

Security audit logviewer is not escaping tags

Description

One can add say a system property with a value <script>something<script>. It will show as a text on the System Property page. But in the Security audit log viewer this script will run. More than this, Security audit log viewer will not show previous entries if the one with the script is in the current showing range. Which could be a problem in the production environment, as you can't fix it by deleting the faulty system property. Audit entry will stay there unless one deletes it in the database.

Environment

None

Acceptance Test - Entry

None

Activity

Show:
Tom Evans
May 4, 2013, 7:59 AM

Patch under review (courtesy Peter Johnson).

Tom Evans
May 4, 2013, 8:15 AM

Modified and applied patch; performed light testing via admin console. Presumed fixed.

Assignee

Tom Evans

Reporter

wroot

Labels

None

Expected Effort

None

Components

Fix versions

Affects versions

Priority

Major
Configure