Project parameter defaults are not HTML encoded (Bug #357)


Added by Steven Liekens over 2 years ago. Updated over 2 years ago.


Status:New Start date:04/29/2015
Priority:Immediate Due date:
Assignee:- % Done:

0%

Category:Configuration Spent time: -
Target version:1.9 Estimated time:1.00 hour
Affected version:1.8.5

Description

Consider this example of a parameter:

    <textParameter name="BuildArgs">
        <display>Build Arguments</display>
        <required>false</required>
        <default>/p:Platform="AnyCPU" /p:Configuration="TST" /p:BuildingInsideCruiseControl="true" /p:Version="$[$CCNetLabel]" /p:PreReleaseIdentifiers="$[$CCNetBuildId]" /p:MetadataIdentifiers="$(sourcecontroltype);$[Branch];$[$CCNetBuildDate]" @build.rsp</default>
    </textParameter>

The value of the default tag is not escaped in the dashboard.

Offending file: https://github.com/ccnet/CruiseControl.NET/blob/65a7ca033d5f2704e63e47f81995c4cb8fb966d9/project/WebDashboard/Dashboard/ProjectParametersAction.cs#L28


Untitled.png (29.5 kB) Steven Liekens, 04/29/2015 12:08 pm


History

Updated by Steven Liekens over 2 years ago

Attachment: screenshot

Also available in: Atom PDF