| Thread Previous • Date Previous • Date Next • Thread Next |
Public bug reported:
With the Glance v1 API, Horizon does no input sanitization on the Image
Description field, so newlines in the Description will be sent along
verbatim, breaking the session.
A simple test case to reproduce:
1. Stand up a Devstack, login to Horizon, and go to the Project » Images page
2. Edit an image
3. Set the description to "foo\n\nbar" (i.e., "foo", two newlines, then "bar")
4. Set the name to "foo bar"
Expected behaviour:
The name of the image changes to "foo bar", and the description (on the
Detail page) changes to "foo\n\nbar"
Actual behaviour:
The name is unchanged, and the description is set to "foo" The glance-
api session on Devstack will also report an HTTP 400 error.
** Affects: horizon
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1370732
Title:
Image Create/Edit Description field cannot contain newlines
Status in OpenStack Dashboard (Horizon):
New
Bug description:
With the Glance v1 API, Horizon does no input sanitization on the
Image Description field, so newlines in the Description will be sent
along verbatim, breaking the session.
A simple test case to reproduce:
1. Stand up a Devstack, login to Horizon, and go to the Project » Images page
2. Edit an image
3. Set the description to "foo\n\nbar" (i.e., "foo", two newlines, then "bar")
4. Set the name to "foo bar"
Expected behaviour:
The name of the image changes to "foo bar", and the description (on
the Detail page) changes to "foo\n\nbar"
Actual behaviour:
The name is unchanged, and the description is set to "foo" The
glance-api session on Devstack will also report an HTTP 400 error.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1370732/+subscriptions
| Thread Previous • Date Previous • Date Next • Thread Next |
