[XRAY-3088] Test and Pre-condition email is subject to HTML injection - Xblend Issue Tracker

Xporter

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: R3.2.0
Fix Version/s: R3.2.0
Component/s: Security
Labels:
- security_vulnerability_low

Sprint:
Xray R3.2.0 S4
Requirement Status:
NOTRUN
- 1

Description

Test and Pre-condition email is subject to HTML injection.

If you write a Cucumber scenario with an HTML tag (e.g. <button>) this text will be rendered to HTML in the e-mail.

Given I have entered <input_1> into the calculator
And I have entered <input_2> into the calculator
When I press <button>
Then the result should be <output> on the screen stuff

  Examples:
    | input_1 | input_2 | button | output |
    | 20      | 30      | add    | 50     |
    | 2       | 5       | add    | 7      |
    | 0       | 40      | add    | 40     | 
    | 4       | 50      | add    | 54     | 
    | 5       | 50      | add    | 55     |

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Screenshot_12.png
49 kB
10/Aug/18 2:48 PM

Activity

People

Assignee:: Diamantino Campos

Reporter:: Hugo Braz [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 10/Aug/18 2:48 PM

Updated:: 09/Apr/20 11:37 AM

Resolved:: 09/Apr/20 11:37 AM

Time Tracking

Estimated:

Remaining:

Logged:

2h 30m