[JIRA] (JENKINS-14309) HTML injection in username

[asuff...@cisco.com (JIRA)]

Andrew Suffield created JENKINS-14309 HTML injection in username Issue Type: Bug Assignee: redsolo Components: ci-game Created: 04/Jul/12 2:03 PM Description: One of our developers set their username so this was in the config: <?xml version='1.0' encoding='UTF-8'?> <user> <fullName>First Last </a></td><td></td><td>1000000.0</td></tr><tr><td><a href=""> This could be used for evil _javascript_ injection purposes as well as silly ones. Project: Jenkins Priority: Critical Reporter: Andrew Suffield

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira