View Issue Details

ID: 13928
Project: Bug reports
Category: [All Projects] Survey taking
View Status: public
Last Update: 2018-10-17 17:30
Reporter: DenisChenu
Assigned To: DenisChenu
Priority: none
Severity: major
Status: closed
Resolution: fixed
Product Version: 3.13.x
Target Version:
Fixed in Version: 3.15.x
Summary: 13928: script (and tag) are not filtered or encoded if question is in same group
Description

If a user enters a script inside a text input: the script is done.

Steps To Reproduce

Import the included survey, enter
&lt:strong&gt:STRONG&lt:/strong&gt:&lt:script&gt:alert('toto')&lt:/script&gt:

inside the 1st question

Additional Information

In 2.73: scripts are filtered, but not tags

I think we must always encode the value (like we do when we move next)

Tags: No tags attached.
Complete LimeSurvey version number (& build): 3.14.1 github
I will donate to the project if issue is resolved: No
Browser: FF61.0.1
Database & DB-Version: not relevant
Server OS (if known): not relevant
Webserver software & version (if known): not relevant
PHP Version: not relevant

Activities

DenisChenu

2018-08-01 18:15

developer  

Capture 2.73.png (15,947 bytes)
limesurvey_survey_scriptAction.lss (20,948 bytes)
DenisChenu

2018-08-01 18:16

developer   ~48643

For copy/pasting : https://bin.shnoulle.net/?7e02c67aedb77393#357XsCPy6iJMafBYfibuY1xLRsnKtJX+ToaLmlUxnQ8=

DenisChenu

2018-08-01 18:59

developer   ~48644

https://github.com/LimeSurvey/LimeSurvey/pull/1106

DenisChenu

2018-10-15 18:25

developer   ~49327

Fix committed to master_13928 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28331

DenisChenu

2018-10-15 18:38

developer   ~49329

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=28335

Related Changesets

LimeSurvey: master_13928 74982bba

2018-08-01 18:58:39

DenisChenu

Fixed issue 13928: script (and tag) are not filtered or encoded if question is in same group
Dev: htmlentities only for user entered values
Dev: some copy paste from .shown where user entered values are encoded
Affected Issues
13928
mod - application/config/version.php
mod - assets/scripts/expressions/em_javascript.js

LimeSurvey: master da0d8acb

2018-10-15 18:38:17

DenisChenu


Committer: GitHub
Fixed issue 13928: script (and tag) are not filtered or encoded if question is in same group
Dev: htmlentities only for user entered values
Dev: some copy paste from .shown where user entered values are encoded
Dev: some question not need to be encoded
Affected Issues
13928
mod - application/config/version.php
mod - assets/scripts/expressions/em_javascript.js
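
The commit messages above describe the fix as applying htmlentities only to user-entered values. As an added example (not code from the LimeSurvey repository), the following JavaScript shows that idea on the report's reproduction string; the function names, the `{CODE}` placeholder handling and the `userEntered` flag are assumptions made for illustration.

```javascript
// Added illustration, not LimeSurvey's em_javascript.js; all names are hypothetical.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
const PLACEHOLDER = /\{([A-Za-z][A-Za-z0-9_]*)\}/g; // assumed {CODE} syntax
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Encode the characters that let a value leave HTML text or attribute context.
function htmlEntities(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// answers maps a question code to { value, userEntered }.
//   userEntered: true  -> free text typed by the respondent: always encoded
//   userEntered: false -> text defined by the survey author (assumed trusted,
//                         may contain markup): inserted unchanged
// The template is scanned once, so a placeholder typed into an answer is
// never expanded a second time.
function renderQuestionText(template, answers) {
  return template.replace(PLACEHOLDER, (match, code) => {
    if (!has(answers, code)) return match; // unknown code: leave as written
    const { value, userEntered } = answers[code];
    return userEntered ? htmlEntities(value) : String(value);
  });
}

// The behaviour the report describes, for comparison: every value goes in raw.
function renderQuestionTextUnencoded(template, answers) {
  return template.replace(PLACEHOLDER, (match, code) =>
    (has(answers, code) ? String(answers[code].value) : match));
}

// Constructed sample data: the reproduction string written out as HTML, an
// author-defined label, and an answer that itself contains a placeholder.
const sampleAnswers = {
  Q1: { value: "<strong>STRONG</strong><script>alert('toto')</script>", userEntered: true },
  Q2: { value: '<em>Option A</em>', userEntered: false },
  Q3: { value: '{Q2} & more', userEntered: true },
};
const sampleTemplate = 'You wrote {Q1}, chose {Q2}, added {Q3} ({Q9})';

function demo() {
  return {
    unencoded: renderQuestionTextUnencoded(sampleTemplate, sampleAnswers),
    encoded: renderQuestionText(sampleTemplate, sampleAnswers),
  };
}

console.log(demo());
```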

Issue History

Date Modified Username Field Change
2018-08-01 18:15 DenisChenu New Issue
2018-08-01 18:15 DenisChenu File Added: Capture 2.73.png
2018-08-01 18:15 DenisChenu File Added: Capture du 2018-08-01 18-05-47.png
2018-08-01 18:15 DenisChenu File Added: limesurvey_survey_scriptAction.lss
2018-08-01 18:16 DenisChenu Note Added: 48643
2018-08-01 18:59 DenisChenu Note Added: 48644
2018-10-15 18:25 DenisChenu Changeset attached => LimeSurvey master_13928 74982bba
2018-10-15 18:25 DenisChenu Note Added: 49327
2018-10-15 18:25 DenisChenu Assigned To => DenisChenu
2018-10-15 18:25 DenisChenu Resolution open => fixed
2018-10-15 18:38 DenisChenu Changeset attached => LimeSurvey master da0d8acb
2018-10-15 18:38 DenisChenu Note Added: 49329
2018-10-15 19:10 DenisChenu Status new => resolved
2018-10-15 19:10 DenisChenu Fixed in Version => 3.15.x
2018-10-17 17:30 dominikvitt Status resolved => closed