Loading...

XML

Word

Printable

Type: Bug
Resolution: Not an issue
Priority: Neutral
Fix Version/s: 6.1.3, 6.2
Affects Version/s: 6.1
Component/s: admincentral
Labels:
None

Template:
Acceptance criteria:

Empty

show more show less
Task DoD:

show more show less
Bug DoR:

show more show less
Epic Link:
DEV-919
Sprint:
UI Framework 6
Story Points:
3

Notifications and alerts often contain HTML formatted text. Currently this seems not to be always supported by Magnolia (IIRC, Vaadin now disallows html content by default for security reasons). See attachment. More examples can be found in the two tickets linked as duplicate.

After proper text sanitisation on the server side, it should be safe to allow HTML content. Sanitisation is important here because the text displayed may partly come from the client and contain malicious executable code.

See info.magnolia.ui.AlertBuilder and info.magnolia.admincentral.ResurfaceShell#openNotification (for legacy notifs)

Acceptance criteria

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

html-code-shows.png
88 kB
21/Aug/19 6:28 PM

is duplicated by

MAGNOLIA-7427 Line breaks are displayed as <br> in some ui elements

Closed

MGNLUI-5331 DAM Upload Success/Error popup

Closed

is related to

MGNLUI-4760 Resurface: Inline HTML leaks into messages

Closed

relates to

MGNLUI-4608 Inline HTML leaks into language chooser tooltip

Closed

Assignee:: Adam Siska

Reporter:: Federico Grilli

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 21/Aug/19 6:29 PM

Updated:: 24/Oct/19 1:25 PM

Resolved:: 24/Oct/19 11:08 AM

Date of First Response:: 10/Sep/19 10:48 AM

Bug DoR

Task DoD

Details

Description

Checklists

Attachments

Attachments

Issue Links

Activity

People

Dates

Checklists