[MAGNOLIA-1897] HTML Tags in Page Titles Should Be Escaped in Admin Interface Created: 27/Nov/07  Updated: 13/Mar/12  Resolved: 28/Jun/10

Status: Closed
Project: Magnolia
Component/s: admininterface
Affects Version/s: 3.0.5
Fix Version/s: 4.3.3, 4.4

Type: Bug Priority: Minor
Reporter: Sean McMains Assignee: Ondrej Chytil
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

All


Issue Links:
relation
is related to MAGNOLIA-3205 Full name column in user tree renders... Closed
is related to MAGNOLIA-3308 HTML rendered / not escaped when ente... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled

 Description   

If one enters HTML tags as part of a Page Title, and then views the page hierarchy in AdminCentral, those HTML tags are interpreted, which can mess up rendering of the AdminConsole. (For example, try putting a few "<br/>" tags in a page title.)

The same issue applies to the "Full Role Name" field in Roles, the "Full Group Name" field in Groups, and the "Full Name" field in Users.

To reproduce:

1. Enter "page<br/>name<br/>test" for a page name in AdminConsole
2. Press the "refresh button"

Expected result:

The page name would display as entered.

Actual result:

The page name is spread across 3 lines and overlaps any items below it.


Generated at Mon Feb 12 03:31:23 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.