Details
-
Bug
-
Resolution: Fixed
-
Minor
-
2.6.5
-
None
-
None
Description
def gs = GrouperSession.startRootSessionIfNotStarted().grouperSession
|
subject = RegistrySubject.add(s=gs,
|
id='1001&""',
|
type="person",
|
name='Sally Tables',
|
nameAttributeValue='Sally ; DROP TABLE & " "',
|
loginid='stables',
|
description='Sally ; DROP TABLE & " "',
|
email="sally.tables@somewhere.someSchool.edu")
|
When adding this subject to a group, it shows up in the list but can't be added. Selecting it and adding gives Grouper error: "Select an entity from the search results"
I think the dojoComboQueryLogic class shouldn't be escaping the id, since it's setting an element value, not displaying it as html