Maniphest T11927

HTML no escaped in Diffusion
Closed, InvalidPublic
Actions

Assigned To

None

Authored By

	• Pbutcher
	Nov 29 2016, 11:07 AM

Tags

Referenced Files

None

Subscribers

Description

I have html in my file. If I browse to it in diffusion, the html renders as it is not escaped

Replication -
Create a file with html inside.
Browse to in diffusion

Related Objects

Mentioned In: rGITTEST48932fb93a87: Add an HTML file to demonstrate T11927.

Event Timeline

• Pbutcher created this task.Nov 29 2016, 11:07 AM

epriestley mentioned this in rGITTEST48932fb93a87: Add an HTML file to demonstrate T11927..Nov 29 2016, 12:12 PM

Please report security issues via HackerOne.
This isn't a valid bug report: it is missing required information. See Contributing Bug Reports.
I can't reproduce this. Here's an HTML file which is properly escaped:

https://secure.phabricator.com/diffusion/GITTEST/browse/master/example.html;48932fb93a87ed665757950802f401d7af387b7c