Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: 2.6.6
Affects Version/s: 2.6.5
Component/s: None
Labels:
None

Description

def gs = GrouperSession.startRootSessionIfNotStarted().grouperSession

subject = RegistrySubject.add(s=gs,

                          id='1001&amp;amp;"&quot;',

                          type="person",

                          name='Sally Tables',

                          nameAttributeValue='Sally ; DROP TABLE &amp; &quot; &amp;quot;',

                          loginid='stables',

                          description='Sally ; DROP TABLE &amp; &quot; &amp;quot;',

                          email="sally.tables@somewhere.someSchool.edu")

When adding this subject to a group, it shows up in the list but can't be added. Selecting it and adding gives Grouper error: "Select an entity from the search results"

I think the dojoComboQueryLogic class shouldn't be escaping the id, since it's setting an element value, not displaying it as html

Attachments

Activity

People

Assignee:: Chad Redman (unc.edu)

Reporter:: Chad Redman (unc.edu)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 21/Jan/22 5:20 AM

Updated:: 21/Jan/22 5:30 AM

Resolved:: 21/Jan/22 5:30 AM