[MGNLUI-6642] Labels with HTML Created: 31/Mar/21  Updated: 07/Mar/22  Resolved: 07/Mar/22

Status: Closed
Project: Magnolia UI
Component/s: None
Affects Version/s: 6.2.8
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Richard Gange Assignee: Unassigned
Resolution: Outdated Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File HTML-in-labels.png     PNG File contacts-app.png    
Issue Links:
duplicate
is duplicated by MGNLUI-6188 Asset upload field in legacy apps: sh... Closed
relation
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled

 Description   

Lots of labels displayed with message boxes contain HTML. This HTML is shown and not interpreted. We should allow some HTML characters for simply formatting but sanitize anything that could be used to exploit the system (see MAGNOLIA-6728).

 Reproduce

  • Open the configuration app
  • Try to delete a module

In the contacts app try and change a picture

Notes
See also MGNLUI-6188


Generated at Mon Feb 12 09:38:32 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.