[MGNLSTK-628] PUR Module Default STK Templates Registration Page Field Values Created: 20/May/10  Updated: 23/Jan/13  Resolved: 27/May/10

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: demoproject, paragraphs, templates
Affects Version/s: None
Fix Version/s: 1.3.1

Type: Bug Priority: Critical
Reporter: Matt Dertinger Assignee: Zdenek Skodik
Resolution: Fixed Votes: 0
Labels: pur, stk
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Cloners
relation
is related to MGNLPUR-44 use NoHTMLValidator at UsernameValidator Closed
is related to MGNLFORM-46 add no-html validator to prevent html... Closed
Template:
Acceptance criteria:
Empty

 Description   

Currently it is possible to inject HTML directly into the Public User Realm via form fields in the default registration form paragraph stkPURRegistrationForm.

Steps to reproduce locally:

  1. Open a browser and navigate to http://localhost:8080/magnoliaPublic/demo-project/members-area/registration.html
  2. In the Username field, enter myusername
  3. In the Password and Password confirmation fields, enter mypassword
  4. In the Full name field, enter My Full Name <button type="submit">Submit</button>
  5. In the Email field, enter your email address # Click the REGISTER button
  6. Log into AdminCentral on your local public instance: http://localhost:8080/magnoliaPublic/.magnolia
  7. Navigate to Security -> Public Users -> m -> my -> myusername
  8. Notice the value in the Full name column is My Fullname (submit button rendered)

Please let me know if you have any questions.

Thanks,
Matt


Generated at Mon Feb 12 07:28:52 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.