NCrunch Forum
»
General Support
»
Daily Usage Issues
»
TimeLine.html is not escaping HTML for test name
Rank: Advanced Member
Groups: Registered
Joined: 6/17/2012(UTC)
Posts: 509
Thanks: 147 times
Was thanked: 66 time(s) in 64 post(s)
|
[NCrunch Console Tool v3.23.0.9] The generated TimeLine.html does not seem to escape HTML so e.g. below results in a popup "123" when viewed in a browser (or in a TeamCity tab): Code:
<div class="passingtest"><div style="display:inline;margin-left: 10px;"><i data-feather="check"></i> MiscFixtures.GetReminderTextReturnsHtmlEncodedMessage("test reminder")</div></div>
<div class="passingtest"><div style="display:inline;margin-left: 10px;"><i data-feather="check"></i> MiscFixtures.*</div></div>
<div class="passingtest"><div style="display:inline;margin-left: 10px;"><i data-feather="check"></i> MiscFixtures.GetReminderTextReturnsHtmlEncodedMessage("test reminder<br/><script>alert(123);</script>")</div></div>
|
|
1 user thanked GreenMoose for this useful post.
|
|
|
|
Rank: NCrunch Developer
Groups: Registered
Joined: 9/22/2017(UTC)
Posts: 306
Location: Netherlands
Thanks: 138 times
Was thanked: 73 time(s) in 69 post(s)
|
Good catch! I'll have a look :)
|
|
1 user thanked michaelkroes for this useful post.
|
|
|
|
Rank: NCrunch Developer
Groups: Registered
Joined: 9/22/2017(UTC)
Posts: 306
Location: Netherlands
Thanks: 138 times
Was thanked: 73 time(s) in 69 post(s)
|
This is fixed in the upcoming release. Thanks again!
|
|
1 user thanked michaelkroes for this useful post.
|
|
|
|
NCrunch Forum
»
General Support
»
Daily Usage Issues
»
TimeLine.html is not escaping HTML for test name
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
YAF |
YAF © 2003-2011, Yet Another Forum.NETThis page was generated in 0.016 seconds.
