13928: script (and tag) are not filtered or encoded if question is in same group

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

13928	Bug reports	Survey taking	public	2018-08-01 18:15	2018-10-17 17:30

Reporter	DenisChenu	Assigned To	DenisChenu
Priority	none	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	3.13.x
Fixed in Version	3.15.x

Summary	13928: script (and tag) are not filtered or encoded if question is in same group
Description	If user enter script inside a tect input : script is done.
Steps To Reproduce	Import included survey enter &lt:strong&gt:STRONG&lt:/strong&gt:&lt:script&gt:alert('toto')&lt:/script&gt: inside 1st question
Additional Information	In 2.73 : script are filtered, but not tag I think we mus always encode value (like we don when move next)
Tags	No tags attached.
Attached Files	Capture 2.73.png (15,947 bytes) Capture 2.73.png (15,947 bytes) Capture du 2018-08-01 18-05-47.png (19,508 bytes) Capture du 2018-08-01 18-05-47.png (19,508 bytes) limesurvey_survey_scriptAction.lss (20,948 bytes)

Bug heat	2
Complete LimeSurvey version number (& build)	3.14.1 github
I will donate to the project if issue is resolved	No
Browser	FF61.0.1
Database type & version	not relevant
Server OS (if known)	not relevant
Webserver software & version (if known)	not relevant
PHP Version	not relevant

User List	There are no users monitoring this issue.

LimeSurvey: master_13928 74982bba 2018-08-01 20:58 DenisChenu Details Diff	Fixed issue 13928: script (and tag) are not filtered or encoded if question is in same group Dev: htmlentities only for user entered values Dev: some copy paste from .shown where user entered values are encoded	Affected Issues 13928
	mod - application/config/version.php	Diff File
	mod - assets/scripts/expressions/em_javascript.js	Diff File
LimeSurvey: master da0d8acb 2018-10-15 20:38 DenisChenu Committer: GitHub Details Diff	Fixed issue 13928: script (and tag) are not filtered or encoded if question is in same group Fixed issue 13928: script (and tag) are not filtered or encoded if question is in same group Dev: htmlentities only for user entered values Dev: some copy paste from .shown where user entered values are encoded Dev: some question not need to be encoded	Affected Issues 13928
	mod - application/config/version.php	Diff File
	mod - assets/scripts/expressions/em_javascript.js	Diff File

Date Modified	Username	Field	Change
2018-08-01 18:15	DenisChenu	New Issue
2018-08-01 18:15	DenisChenu	File Added: Capture 2.73.png
2018-08-01 18:15	DenisChenu	File Added: Capture du 2018-08-01 18-05-47.png
2018-08-01 18:15	DenisChenu	File Added: limesurvey_survey_scriptAction.lss
2018-08-01 18:16	DenisChenu	Note Added: 48643
2018-08-01 18:59	DenisChenu	Note Added: 48644
2018-10-15 18:25	DenisChenu	Changeset attached	=> LimeSurvey master_13928 74982bba
2018-10-15 18:25	DenisChenu	Note Added: 49327
2018-10-15 18:25	DenisChenu	Assigned To	=> DenisChenu
2018-10-15 18:25	DenisChenu	Resolution	open => fixed
2018-10-15 18:38	DenisChenu	Changeset attached	=> LimeSurvey master da0d8acb
2018-10-15 18:38	DenisChenu	Note Added: 49329
2018-10-15 19:10	DenisChenu	Status	new => resolved
2018-10-15 19:10	DenisChenu	Fixed in Version	=> 3.15.x
2018-10-17 17:30	~~dominikvitt~~	Status	resolved => closed

DenisChenu 2018-08-01 18:16 developer ~48643	For copy/pasting : https://bin.shnoulle.net/?7e02c67aedb77393#357XsCPy6iJMafBYfibuY1xLRsnKtJX+ToaLmlUxnQ8=

DenisChenu 2018-08-01 18:59 developer ~48644	https://github.com/LimeSurvey/LimeSurvey/pull/1106

DenisChenu 2018-10-15 18:25 developer ~49327	Fix committed to master_13928 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28331

DenisChenu 2018-10-15 18:38 developer ~49329	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28335