dhis2-devs team mailing list archive

Thread
Date

[Bug 1549378] [NEW] Javascript allowed in OU names, v2.22

To: dhis2-devs@xxxxxxxxxxxxxxxxxxx
From: Timothy Harding <tharding@xxxxxxxxxxxxxx>
Date: Wed, 24 Feb 2016 16:52:11 -0000
Reply-to: Bug 1549378 <1549378@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Conducting a training and just had a user pop some javascript into the
org unit name which when the user revealed it in the org unit hierarchy
it would fire off the javascript. I tested this in firefox, the attached
file was the result.

** Affects: dhis2
     Importance: Undecided
         Status: New

** Attachment added: "Screen Shot 2016-02-24 at 11.38.36 AM.png"
   https://bugs.launchpad.net/bugs/1549378/+attachment/4580110/+files/Screen%20Shot%202016-02-24%20at%2011.38.36%20AM.png

-- 
You received this bug notification because you are a member of DHIS 2
developers, which is subscribed to DHIS.
https://bugs.launchpad.net/bugs/1549378

Title:
  Javascript allowed in OU names, v2.22

Status in DHIS:
  New

Bug description:
  Conducting a training and just had a user pop some javascript into the
  org unit name which when the user revealed it in the org unit
  hierarchy it would fire off the javascript. I tested this in firefox,
  the attached file was the result.

To manage notifications about this bug go to:
https://bugs.launchpad.net/dhis2/+bug/1549378/+subscriptions

Follow ups

[Bug 1549378] Re: Javascript allowed in OU names, v2.22
From: Morten Olav Hansen, 2016-03-01
Re: [Bug 1549378] [NEW] Javascript allowed in OU names, v2.22
From: Knut Staring, 2016-02-25