Closed Bug 1004537 Opened 11 years ago Closed 11 years ago

Notes+ does not escape HTML in preview

Categories

(Firefox OS Graveyard :: Gaia::Notes, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::Notes
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: andrew.mainland, Unassigned)

References

Details

(Whiteboard: [fixed by bug 959400])

Attachments

(2 files)

Screenshot of actual text
13.87 KB, image/png
Details
Screenshot of preview
14.83 KB, image/png
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0 (Beta/Release) Build ID: 20140314220517 Steps to reproduce: Create a new document with html. (For instance Hello World<br /> <b>Test</b>) save and return to the preview mode. Actual results: You will see formatted wysiwyg text. Expected results: You should see html not formatted text. Perhaps some malicious attack (yet very lame) would be possible (trick user into opening the wrong doc?)
Status: UNCONFIRMED → NEW
Ever confirmed: true
This is the text of the file
Attached image Screenshot of preview
This is a screenshot of the preview notice the bold text and newline
Bug 959400 has fixed this. The latest version of the app should be working fine.
Status: NEW → RESOLVED
Closed: 11 years ago
Depends on: 959400
Resolution: --- → FIXED
Whiteboard: [fixed by bug 959400]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: